Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Wednesday 8 July 2026 (18)
-
Confidence 100 19 MITREs 2 Malwares 13 IOCs 7 Observables
-
Confidence 100 3 CVEs 4 Malwares 6 IOCs 5 Observables 1 APT
-
Confidence 100 1 Malware 7 IOCs 1 Observable
-
Confidence 100 23 MITREs 21 IOCs 7 Observables 1 APT
-
Confidence 100 20 MITREs 6 Malwares 9 IOCs 5 Observables
Vulnerabilities today (44)
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the `AgentLogLine` dashboard component …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `CreateSubAgent` RPC did …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files …
- Published
- 08/07/2026