Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Saturday 18 July 2026 (43)
-
Confidence 100 19 MITREs 2 Malwares 13 IOCs 4 Observables 1 APT
-
Confidence 100 1 CVE 20 MITREs 1 Malware 3 IOCs 2 Observables
-
Confidence 100 24 MITREs 1 Malware
-
Confidence 100 18 MITREs 2 Malwares 16 IOCs 16 Observables
-
Confidence 100 20 MITREs 4 Malwares 5 IOCs 1 Observable 1 APT
Vulnerabilities today (71)
Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is URL-encoded. Fastify's router …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 18/07/2026
VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user with network access may be able to access the Avi …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 18/07/2026
SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the command-line export …
- Published
- 18/07/2026
OpenPLC_v3 contains a heap-based buffer overflow in the getData() function in webserver/core/modbus_master.cpp. getData() reads characters between two delimiters into a caller-supplied buffer …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 18/07/2026
SurrealDB before 1.5.5 (and 2.0.0-beta before 2.0.0-beta.3) accepts an arbitrary object in the signin and signup operations of the RPC API without …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 18/07/2026
SurrealDB before 1.0.1 sets default table permissions to FULL instead of NONE, allowing SELECT, CREATE, UPDATE, and DELETE operations on tables without …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 18/07/2026
A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function sub_42537C of the component Scheduler Name Handler. The manipulation …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 18/07/2026
A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the function sub_40BB50 of the file /proc/webmon_recent_domains. …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 18/07/2026
A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setup_conntrack of …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 18/07/2026
VMware Avi Load Balancer contains a directory traversal vulnerability. Flaws in file path validation allow malicious, authenticated network users to perform directory …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 18/07/2026
Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 18/07/2026
Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 18/07/2026
VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious authenticated user with network access may be able to inject …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 18/07/2026
VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to access the …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 18/07/2026
SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throw_type function when scripting is enabled. Attackers with scripting privileges can …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 18/07/2026