Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Thursday 2 July 2026 (24)
-
Confidence 100 20 MITREs 5 Malwares 27 IOCs 27 Observables
-
Confidence 100 4 CVEs 20 MITREs 1 Malware 13 IOCs 11 Observables
-
Confidence 100 2 Malwares 8 IOCs 8 Observables 1 APT
-
Confidence 100 18 MITREs 1 Malware 3 IOCs 3 Observables 1 APT
-
Confidence 100 18 MITREs 3 IOCs 1 APT
Vulnerabilities today (249)
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 02/07/2026
Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.
- Attack vector
- Network
- Complexity
- Low
- Published
- 02/07/2026
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 02/07/2026
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 02/07/2026
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 02/07/2026
Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.
- Attack vector
- Network
- Complexity
- Low
- Published
- 02/07/2026
Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 02/07/2026
Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 02/07/2026
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 02/07/2026
Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce <= 12.10.3 versions.
- Attack vector
- Network
- Complexity
- Low
- Published
- 02/07/2026
Unauthenticated PHP Object Injection in Booktics <= 1.0.21 versions.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 02/07/2026
SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component
- Attack vector
- NETWORK
- Complexity
- LOW
- EPSS
- 0.0027 (P17.9%)
- Published
- 02/07/2026
Unauthenticated Cross Site Scripting (XSS) in Admin and Site Enhancements (ASE) Pro <= 8.8.5 versions.
- Attack vector
- Network
- Complexity
- Low
- Published
- 02/07/2026
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 02/07/2026
Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 02/07/2026