Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Wednesday 8 July 2026 (16)
-
Confidence 100 19 MITREs 2 Malwares 13 IOCs 7 Observables
-
Confidence 100 3 CVEs 4 Malwares 6 IOCs 5 Observables 1 APT
-
Confidence 100 20 MITREs 6 Malwares 9 IOCs 5 Observables
-
Confidence 100 33 IOCs 14 Observables
-
Confidence 100 10 MITREs 33 IOCs 14 Observables
Vulnerabilities today (44)
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the `AgentLogLine` dashboard component …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `CreateSubAgent` RPC did …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files …
- Published
- 08/07/2026