Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Monday 6 July 2026 (21)
-
Confidence 100 10 MITREs 33 IOCs 14 Observables
-
Confidence 100 20 MITREs 55 IOCs 55 Observables
-
Confidence 100 1 Malware 26 IOCs 15 Observables
-
Confidence 100 12 MITREs 4 Malwares 13 IOCs 9 Observables
-
Confidence 100 20 MITREs 14 IOCs 14 Observables
Vulnerabilities today (61)
Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 06/07/2026
ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 06/07/2026
An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other …
- Published
- 06/07/2026
The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager …
- Attack vector
- NETWORK
- Complexity
- LOW
- EPSS
- 0.0052 (P40.1%)
- Published
- 06/07/2026
The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who …
- Attack vector
- NETWORK
- Complexity
- LOW
- EPSS
- 0.0020 (P10.3%)
- Published
- 06/07/2026
The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, …
- Attack vector
- NETWORK
- Complexity
- LOW
- EPSS
- 0.0018 (P7.8%)
- Published
- 06/07/2026
The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 06/07/2026
Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no …
- Published
- 06/07/2026
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked …
- Published
- 06/07/2026
The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This …
- Attack vector
- Network
- Complexity
- Low
- Published
- 06/07/2026
Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before …
- Published
- 06/07/2026
The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce …
- Attack vector
- NETWORK
- Complexity
- HIGH
- EPSS
- 0.0018 (P8.2%)
- Published
- 06/07/2026
The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 06/07/2026
Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5.
- Attack vector
- Local
- Complexity
- Low
- Published
- 06/07/2026
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries …
- Attack vector
- Network
- Complexity
- Low
- Published
- 06/07/2026