216.73.217.64

Threat intelligence dashboard

Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.

Attack reports – last 7 days · through Saturday 11 July 2026 (8)

Vulnerabilities today (25)

Sorted by CVSS severity (highest first)

9.9 Critical

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied …

Attack vector
NETWORK
Complexity
LOW
Published
11/07/2026
9.8 Critical

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation.

Attack vector
NETWORK
Complexity
LOW
Published
11/07/2026
9.2 Critical

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers …

Published
11/07/2026
8.8 High

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization …

Attack vector
NETWORK
Complexity
LOW
Published
11/07/2026
8.7 High

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in …

Published
11/07/2026
8.6 High

Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Import because tarfile members …

Published
11/07/2026
8.6 High

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data …

Attack vector
NETWORK
Complexity
LOW
Published
11/07/2026
8.3 High

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is …

Published
11/07/2026
8.3 High

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof …

Published
11/07/2026
8.2 High

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Crypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using …

Published
11/07/2026
8.1 High

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified …

Attack vector
NETWORK
Complexity
LOW
Published
11/07/2026
7.5 High

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, …

Attack vector
NETWORK
Complexity
HIGH
Published
11/07/2026
7.5 High

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances …

Attack vector
NETWORK
Complexity
LOW
Published
11/07/2026
7.5 High

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a …

Attack vector
NETWORK
Complexity
LOW
Published
11/07/2026
7.1 High

Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the update_page endpoint in Workspace because public …

Published
11/07/2026