Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Saturday 4 July 2026 (21)
-
Confidence 100 19 MITREs 2 Malwares 1 IOC 1 Observable 1 APT
-
Confidence 100 3 CVEs 1 Malware 6 IOCs
-
Confidence 100 1 CVE 19 MITREs 2 Malwares 4 IOCs 2 Observables
-
Confidence 100 20 MITREs 7 Malwares 11 IOCs 3 Observables 1 APT
-
Confidence 100 1 CVE 18 MITREs 1 Malware 140 IOCs 127 Observables
Vulnerabilities today (38)
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026
The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026
myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the …
- Published
- 04/07/2026
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 04/07/2026
HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute …
- Published
- 04/07/2026
picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026
picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026
Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026
picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026
picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026
picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026
picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocessTransport._start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026
picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.get_entity function in reduce methods. Attackers can embed undetected code in pickle …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/07/2026