Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Friday 10 July 2026 (8)
-
Confidence 100 3 CVEs 4 Malwares 6 IOCs 5 Observables 1 APT
-
Confidence 100 1 Malware 7 IOCs 1 Observable
-
Confidence 100 23 MITREs 21 IOCs 7 Observables 1 APT
Vulnerabilities today (117)
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weather_style' and 'move_direction' parameters of the …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkp_product' shortcode …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+) Stored Cross-Site Scripting via the Button widget's `custom_attributes` setting …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_page_id' parameter in versions up to, …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/07/2026
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable …
- Published
- 10/07/2026
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pull_hotlinked_images when an …
- Published
- 10/07/2026