Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Saturday 11 July 2026 (8)
-
Confidence 100 13 MITREs 4 IOCs 2 Observables
-
Confidence 100 20 MITREs 1 Malware 8 IOCs 5 Observables
-
Confidence 100 15 MITREs 9 IOCs 5 Observables 1 APT
-
Confidence 100 18 MITREs 5 Malwares 30 IOCs 7 Observables
-
Confidence 100 19 MITREs 2 Malwares 13 IOCs 7 Observables
Vulnerabilities today (25)
OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/07/2026
The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/07/2026
Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers …
- Published
- 11/07/2026
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/07/2026
Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in …
- Published
- 11/07/2026
Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Import because tarfile members …
- Published
- 11/07/2026
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/07/2026
Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is …
- Published
- 11/07/2026
Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof …
- Published
- 11/07/2026
Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Crypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using …
- Published
- 11/07/2026
TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/07/2026
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 11/07/2026
Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/07/2026
Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/07/2026
Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the update_page endpoint in Workspace because public …
- Published
- 11/07/2026