216.73.217.86

Threat intelligence dashboard

Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.

Attack reports – last 7 days · through Wednesday 15 July 2026 (28)

Vulnerabilities today (255)

Sorted by CVSS severity (highest first)

10.0 Critical

Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a …

Attack vector
NETWORK
Complexity
LOW
Published
15/07/2026
10.0 Critical

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON …

Attack vector
Network
Complexity
Low
Published
15/07/2026
9.9 Critical

Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teams_invitations.clj invitation tokens from create-team-invitations, embedded …

Attack vector
Network
Complexity
Low
Published
15/07/2026
9.8 Critical

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite (NCS), Manage Control Plan (MCP), and Blue Planet …

Attack vector
Network
Complexity
Low
EPSS
0.0022 (P12.1%)
Published
15/07/2026
9.8 Critical

In Ciena's Navigator Network Control Suite (NCS) and Manage Control Plan (MCP), there are hidden system accounts used for internal software operations. …

Attack vector
Network
Complexity
Low
EPSS
0.0015 (P4.1%)
Published
15/07/2026
9.8 Critical

Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute arbitrary code via the openhtj2k_decoder_impl::invoke, invoke_line_based, invoke_line_based_stream, and invoke_line_based_predecoded …

Attack vector
Network
Complexity
Low
EPSS
0.0020 (P10.0%)
Published
15/07/2026
9.8 Critical

Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute arbitrary code via the j2k_precinct_subband::parse_packet_header() in source/core/coding/coding_units.cpp

Attack vector
Network
Complexity
Low
EPSS
0.0020 (P10.1%)
Published
15/07/2026
9.8 Critical

An issue in Aetopia Digital Asset Management DAM v.1.0.0 allows a remote attacker to execute arbitrary code via the name and description …

Attack vector
NETWORK
Complexity
LOW
EPSS
0.0031 (P22.6%)
Published
15/07/2026
9.6 Critical

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into …

Attack vector
Network
Complexity
Low
Published
15/07/2026
9.6 Critical

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints …

Attack vector
Network
Complexity
Low
Published
15/07/2026
9.6 Critical

The Grav API plugin (grav-plugin-api) before 1.0.4 does not validate the origin of the client-supplied admin_base_url field in the POST /api/v1/auth/forgot-password endpoint. …

Attack vector
NETWORK
Complexity
LOW
Published
15/07/2026
9.5 Critical

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to …

Published
15/07/2026
9.3 Critical

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and …

Published
15/07/2026
9.3 Critical

Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch() and XMLHttpRequest unconditionally attached session cookies to …

Attack vector
NETWORK
Complexity
LOW
Published
15/07/2026
9.3 Critical

Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string …

Attack vector
NETWORK
Complexity
LOW
Published
15/07/2026