Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Friday 10 July 2026 (8)
-
Confidence 100 13 MITREs 4 IOCs 2 Observables
-
Confidence 100 20 MITREs 1 Malware 8 IOCs 5 Observables
-
Confidence 100 15 MITREs 9 IOCs 5 Observables 1 APT
-
Confidence 100 18 MITREs 5 Malwares 30 IOCs 7 Observables
-
Confidence 100 19 MITREs 2 Malwares 13 IOCs 7 Observables
Vulnerabilities today (198)
R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file download endpoints. The application fetches files from the …
- Published
- 10/07/2026
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the …
- Attack vector
- Local
- Complexity
- Low
- Published
- 10/07/2026
In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 10/07/2026
Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed …
- Published
- 10/07/2026
Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.
- Published
- 10/07/2026
Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
- Published
- 10/07/2026
Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs.
- Published
- 10/07/2026
Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings.
- Published
- 10/07/2026
Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.
- Published
- 10/07/2026
Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.
- Published
- 10/07/2026
OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 10/07/2026
Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege.
- Published
- 10/07/2026
The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 10/07/2026
Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. Attackers …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user, or anyone able to write to …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026