Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Wednesday 8 July 2026 (18)
-
Confidence 100 19 MITREs 2 Malwares 13 IOCs 7 Observables
-
Confidence 100 3 CVEs 4 Malwares 6 IOCs 5 Observables 1 APT
-
Confidence 100 1 Malware 7 IOCs 1 Observable
-
Confidence 100 23 MITREs 21 IOCs 7 Observables 1 APT
-
Confidence 100 20 MITREs 6 Malwares 9 IOCs 5 Observables
Vulnerabilities today (233)
Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do …
- Attack vector
- Network
- Complexity
- Low
- Published
- 08/07/2026
Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Webbeyaz Web Design Mediküm Web allows SQL Injection. …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to …
- Attack vector
- Network
- Complexity
- Low
- Published
- 08/07/2026
The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix …
- Attack vector
- NETWORK
- Complexity
- LOW
- EPSS
- 0.0019 (P8.5%)
- Published
- 08/07/2026
SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL …
- Attack vector
- Network
- Complexity
- Low
- Published
- 08/07/2026
repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed …
- Published
- 08/07/2026
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026