Threat Intelligence Center LIVE
Curated threat intelligence from CISA KEV, NVD and EPSS — actively-exploited and recently-disclosed vulnerabilities, explained.
Global Threat Activity
Actively-exploited vulnerabilities we’re tracking — illustrative
Threat Feed Timeline
View all- Jul 14 Critical vulnerability added CVE-2026-56190
- Jul 14 Critical vulnerability added CVE-2026-55010
- Jul 14 Critical vulnerability added CVE-2026-50518
- Jul 14 Critical vulnerability added CVE-2026-50447
- Jul 14 Critical vulnerability added CVE-2026-50380
- Jul 14 Added to exploited watchlist SonicWall SMA1000 Appliances · CVE-2026-15410
Threats by Severity
- Critical61 (76%)
- High12 (15%)
- Medium4 (5%)
- Low1 (1%)
- Unscored2 (3%)
Threats by Type
Top Vendors
Top Affected Technologies
CVE-2026-56190 — Use of uninitialized resource in Windows RDP allows…
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to execute code over a…
CVE-2026-55010 — Heap-based buffer overflow in Minecraft Bedrock Dedicated Server…
Heap-based buffer overflow in Minecraft Bedrock Dedicated Server allows an unauthorized attacker to execute code over…
CVE-2026-50518 — Heap-based buffer overflow in Windows DHCP Server allows…
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a…
CVE-2026-50447 — Heap-based buffer overflow in Windows Message Queuing allows…
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over a…
CVE-2026-50380 — Heap-based buffer overflow in Windows GDI+ allows an…
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
SonicWall SMA1000 Appliances
SonicWallSonicWall SMA1000 Appliances contain a code injection vulnerability which in specific conditions could potentially enable a…
SonicWall SMA1000 Appliances
SonicWallSonicWall SMA1000 Appliances contain a server-side request forgery vulnerability that could allow a remote unauthenticated attacker…
Microsoft SharePoint Server
MicrosoftMicrosoft SharePoint contains a missing authentication for critical function vulnerability that allows an unauthorized attacker to…
Microsoft Active Directory Federation Services
MicrosoftMicrosoft Active Directory Federation Services contains an insufficient granularity of access control vulnerability that allows an…
CVE-2026-58644 — Deserialization of untrusted data in Microsoft Office SharePoint…
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over…
CVE-2026-55008 — Improper neutralization of input during web page generation…
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an…
CVE-2026-54990 — Heap-based buffer overflow in Remote Desktop Client allows…
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a…
CVE-2026-50522 — Deserialization of untrusted data in Microsoft Office SharePoint…
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over…
CVE-2026-49798 — Use after free in Windows Kernel allows an…
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-49172 — Heap-based buffer overflow in Windows FTP Service allows…
Heap-based buffer overflow in Windows FTP Service allows an unauthorized attacker to execute code over a…
CVE-2026-48561 — Improper neutralization of special elements used in a…
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an…
CVE-2026-42990 — Heap-based buffer overflow in SQL Server ODBC driver…
Heap-based buffer overflow in SQL Server ODBC driver allows an unauthorized attacker to execute code over…
CVE-2026-15701 — A weakness has been identified in Totolink NR1800X…
A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. Affected by this issue is the function…
Apache Kylin
ApacheImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache…
Apache Kylin
ApacheImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Kylin.…
Apache Doris
ApacheCertain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker…
CVE-2026-58479 — Sustainable Irrigation Platform (SIP) through version 5.2.16 contains…
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a command injection vulnerability in the optional cli_control…
CVE-2026-56451 — A vulnerability has been identified in Opcenter X…
A vulnerability has been identified in Opcenter X (All versions < V2604). Affected applications do not…
CVE-2026-44761 — SAP Commerce Cloud could retain a sample OAuth2…
SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from…
CVE-2026-44747 — SAP NetWeaver Application Server ABAP allows an authenticated…
SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management…
CVE-2026-27690 — Due to an HTTP Request Smuggling vulnerability in…
Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a…
Perl Perl
PerlPerl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than…
Ollyo Helix Ultimate
OllyoThe Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion.
Fossies Gawk
FossiesInteger overflow vulnerability has been found in "builtin.c" program file of gawk (do_sub() routine). This issue…
Fossies Gawk
FossiesInteger overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead…
CVE-2026-62327 — 9Router through version 0.4.41 contain an unauthenticated information…
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve…
CVE-2026-59801 — 9Router through version 0.4.41 contains an unauthenticated access…
9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with…
CVE-2026-61500 — Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie…
Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random() generator and…
Cisco IOS
CiscoCisco IOS 12.4 contains multiple cross-site forgery vulnerabilities that allows remote attackers to execute arbitrary commands…
CVE-2026-61498 — Vitec Flamingo 4.12.2 contains an unauthenticated OS command…
Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gen_graphs.php endpoint that allows…
CVE-2026-4769 — Certain devices in the WAGO System I/O Field…
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the…
CVE-2026-15511 — A vulnerability was determined in Comfast CF-WR631AX V3…
A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is…
CVE-2026-56271 — Flowise before 3.1.0 (affected versions 3.0.13 and earlier)…
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token')…
CVE-2026-56260 — Crawl4AI before 0.8.7 contains an arbitrary file write…
Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and…
Rsjoomla Rsfiles!
RsjoomlaThe Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable…
Imagemagick Imagemagick
ImagemagickImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers…
CVE-2026-61447 — PraisonAI before 1.6.78 contains a remote code execution…
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code…
CVE-2026-61445 — PraisonAI before 4.6.78 contains arbitrary file write and…
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due…
CVE-2026-60090 — PraisonAI before 4.6.78 fails to validate the caller-controlled…
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store…
Freerdp Freerdp
FreerdpFreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds,…
iCagenda iCagenda
iCagendaiCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of…
Balbooa Forms
BalbooaBalbooa Forms contains an unrestricted upload of file with dangerous type vulnerability that allows an unauthenticated…
Adobe ColdFusion
AdobeAdobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the…
Joomlack Page Builder
JoomlackJoomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution…
Langflow Langflow
LangflowLangflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute…
JoomShaper SP Page Builder
JoomShaperJoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows…
Microsoft SharePoint Server
MicrosoftMicrosoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to…
SimpleHelp SimpleHelp
SimpleHelpSimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured,…
Cisco Unified Communications Manager
CiscoCisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM…
PTC Windchill and FlexPLM
PTCPTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to…
Ubiquiti UniFi OS
UbiquitiUbiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with…
Ubiquiti UniFi OS
UbiquitiUbiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access…
Ubiquiti UniFi OS
UbiquitiUbiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with…
Lantronix EDS5000
LantronixLantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands…
Splunk Enterprise
SplunkSplunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user…
Widget Factory Joomla Content Editor
Widget FactoryWidget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload…
Cisco Catalyst SD-WAN Manager
CiscoCisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated,…
LiteSpeed cPanel Plugin
LiteSpeedLiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user…
Oracle PeopleSoft Enterprise PeopleTools
OracleOracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an…
Ivanti Sentry
IvantiIvanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow…
Cisco Catalyst SD-WAN Manager
CiscoCisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability.…
Arista Extensible Operating System
AristaArista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch…
Google Chromium V8
GoogleGoogle Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute…
Check Point Security Gateway
Check PointCheck Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow…
BerriAI LiteLLM
BerriAIBerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of…
SolarWinds Serv-U
SolarWindsSolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the…
Mirasvit Mirasvit Full Page Cache Warmer
MirasvitMirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated…
Android Framework
AndroidAndroid Framework contains an integer overflow vulnerability that allows for code execution that could allow for…
Linux Kernel
LinuxLinux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups…
Oracle WebLogic Server
OracleOracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via…
Palo Alto Networks PAN-OS
Palo Alto NetworksPalo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions…
Daemon Daemon Tools Lite
DaemonDaemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.
TanStack TanStack
TanStackTanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to…
Nx Nx Console
NxNx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console…
LiteSpeed cPanel Plugin
LiteSpeedLiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which…
No threats match those filters. Try clearing the search or selecting “All”.