216.73.217.98

Threat intelligence dashboard

Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.

Attack reports – last 7 days · through Friday 10 July 2026 (8)

Vulnerabilities today (198)

Sorted by CVSS severity (highest first)

7.1 High

R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file download endpoints. The application fetches files from the …

Published
10/07/2026
7.1 High

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the …

Attack vector
Local
Complexity
Low
Published
10/07/2026
7.0 High

In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the …

Attack vector
NETWORK
Complexity
HIGH
Published
10/07/2026
6.9 Medium

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed …

Published
10/07/2026
6.9 Medium

Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.

Published
10/07/2026
6.9 Medium

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.

Published
10/07/2026
6.9 Medium

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs.

Published
10/07/2026
6.9 Medium

Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings.

Published
10/07/2026
6.8 Medium

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.

Published
10/07/2026
6.8 Medium

Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.

Published
10/07/2026
6.8 Medium

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set …

Attack vector
NETWORK
Complexity
HIGH
Published
10/07/2026
6.7 Medium

Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege.

Published
10/07/2026
6.6 Medium

The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable …

Attack vector
NETWORK
Complexity
HIGH
Published
10/07/2026
6.5 Medium

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. Attackers …

Attack vector
NETWORK
Complexity
LOW
Published
10/07/2026
6.5 Medium

Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user, or anyone able to write to …

Attack vector
NETWORK
Complexity
LOW
Published
10/07/2026