216.73.217.80

Threat intelligence dashboard

Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.

Attack reports – last 7 days · through Wednesday 1 July 2026 (23)

Vulnerabilities today (200)

Sorted by CVSS severity (highest first)

10.0 Critical

Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026
10.0 Critical

Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026
9.8 Critical

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026
9.8 Critical

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026
9.8 Critical

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026
9.8 Critical

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026
9.8 Critical

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026
9.4 Critical

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from …

Published
01/07/2026
9.3 Critical

Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026
9.2 Critical

Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored …

Attack vector
LOCAL
Complexity
LOW
Published
01/07/2026
9.1 Critical

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026
9.1 Critical

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026
9.1 Critical

Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware when the EXPRESS_SESSION_SECRET …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026
9.0 Critical

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker …

Attack vector
NETWORK
Complexity
HIGH
Published
01/07/2026
8.8 High

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including, …

Attack vector
NETWORK
Complexity
LOW
Published
01/07/2026