Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Wednesday 1 July 2026 (23)
-
Confidence 100 18 MITREs 1 Malware 3 IOCs 3 Observables 1 APT
-
Confidence 100 8 MITREs 2 Malwares 19 IOCs 10 Observables
-
Confidence 100 19 MITREs 2 Malwares 1 IOC 1 Observable 1 APT
-
Confidence 100 3 CVEs 1 Malware 6 IOCs
-
Confidence 100 1 CVE 19 MITREs 2 Malwares 4 IOCs 2 Observables
Vulnerabilities today (468)
The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration …
- Published
- 01/07/2026
Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker …
- Attack vector
- Network
- Complexity
- Low
- Published
- 01/07/2026
Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default …
- Attack vector
- Network
- Complexity
- Low
- Published
- 01/07/2026
Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a through 9.9.2.
- Attack vector
- Network
- Complexity
- Low
- Published
- 01/07/2026
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c …
- Attack vector
- Network
- Complexity
- Low
- Published
- 01/07/2026
Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data …
- Attack vector
- Network
- Complexity
- Low
- Published
- 01/07/2026
Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026