Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Wednesday 15 July 2026 (28)
-
Confidence 100 18 MITREs 1 Malware 5 IOCs 5 Observables
-
Confidence 100 25 CVEs 21 MITREs 7 Malwares 30 IOCs 10 Observables
-
Confidence 100 20 MITREs 2 IOCs 2 Observables 1 APT
-
Confidence 100 7 Malwares 6 IOCs 6 Observables
-
Confidence 100 20 MITREs 1 Malware 17 IOCs 4 Observables
Vulnerabilities today (255)
Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 15/07/2026
Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON …
- Attack vector
- Network
- Complexity
- Low
- Published
- 15/07/2026
Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teams_invitations.clj invitation tokens from create-team-invitations, embedded …
- Attack vector
- Network
- Complexity
- Low
- Published
- 15/07/2026
An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite (NCS), Manage Control Plan (MCP), and Blue Planet …
- Attack vector
- Network
- Complexity
- Low
- EPSS
- 0.0022 (P12.1%)
- Published
- 15/07/2026
In Ciena's Navigator Network Control Suite (NCS) and Manage Control Plan (MCP), there are hidden system accounts used for internal software operations. …
- Attack vector
- Network
- Complexity
- Low
- EPSS
- 0.0015 (P4.1%)
- Published
- 15/07/2026
Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute arbitrary code via the openhtj2k_decoder_impl::invoke, invoke_line_based, invoke_line_based_stream, and invoke_line_based_predecoded …
- Attack vector
- Network
- Complexity
- Low
- EPSS
- 0.0020 (P10.0%)
- Published
- 15/07/2026
Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute arbitrary code via the j2k_precinct_subband::parse_packet_header() in source/core/coding/coding_units.cpp
- Attack vector
- Network
- Complexity
- Low
- EPSS
- 0.0020 (P10.1%)
- Published
- 15/07/2026
An issue in Aetopia Digital Asset Management DAM v.1.0.0 allows a remote attacker to execute arbitrary code via the name and description …
- Attack vector
- NETWORK
- Complexity
- LOW
- EPSS
- 0.0031 (P22.6%)
- Published
- 15/07/2026
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into …
- Attack vector
- Network
- Complexity
- Low
- Published
- 15/07/2026
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints …
- Attack vector
- Network
- Complexity
- Low
- Published
- 15/07/2026
The Grav API plugin (grav-plugin-api) before 1.0.4 does not validate the origin of the client-supplied admin_base_url field in the POST /api/v1/auth/forgot-password endpoint. …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 15/07/2026
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to …
- Published
- 15/07/2026
FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and …
- Published
- 15/07/2026
Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch() and XMLHttpRequest unconditionally attached session cookies to …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 15/07/2026
Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 15/07/2026