216.73.216.169

Threat intelligence dashboard

Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.

Attack reports – last 7 days · through Wednesday 8 July 2026 (18)

Vulnerabilities today (233)

Sorted by CVSS severity (highest first)

9.9 Critical

Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do …

Attack vector
Network
Complexity
Low
Published
08/07/2026
9.8 Critical

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files …

Attack vector
NETWORK
Complexity
LOW
Published
08/07/2026
9.8 Critical

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Webbeyaz Web Design Mediküm Web allows SQL Injection. …

Attack vector
NETWORK
Complexity
LOW
Published
08/07/2026
9.8 Critical

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to …

Attack vector
Network
Complexity
Low
Published
08/07/2026
9.8 Critical

The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is …

Attack vector
NETWORK
Complexity
LOW
Published
08/07/2026
9.8 Critical

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The …

Attack vector
NETWORK
Complexity
LOW
Published
08/07/2026
9.8 Critical

mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing …

Attack vector
NETWORK
Complexity
LOW
Published
08/07/2026
9.8 Critical

DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix …

Attack vector
NETWORK
Complexity
LOW
EPSS
0.0019 (P8.5%)
Published
08/07/2026
9.6 Critical

SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL …

Attack vector
Network
Complexity
Low
Published
08/07/2026
9.3 Critical

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The …

Attack vector
NETWORK
Complexity
LOW
Published
08/07/2026
9.3 Critical

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. …

Attack vector
NETWORK
Complexity
LOW
Published
08/07/2026
9.2 Critical

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed …

Published
08/07/2026
9.1 Critical

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.

Attack vector
NETWORK
Complexity
LOW
Published
08/07/2026
9.1 Critical

Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import …

Attack vector
NETWORK
Complexity
LOW
Published
08/07/2026
9.1 Critical

Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via …

Attack vector
NETWORK
Complexity
LOW
Published
08/07/2026