Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Wednesday 1 July 2026 (22)
-
Confidence 100 15 MITREs 3 Malwares 96 IOCs 77 Observables
-
Confidence 100 2 CVEs 19 MITREs 8 Malwares 57 IOCs 6 Observables 1 APT
-
Confidence 100 19 MITREs 3 Malwares 6 IOCs 1 APT
-
Confidence 100 20 MITREs 49 IOCs 49 Observables
-
Confidence 100 21 MITREs 5 Malwares 60 IOCs 21 Observables 1 APT
Vulnerabilities today (13)
txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 01/07/2026
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who …
- Published
- 01/07/2026
yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTH_USERNAME/AUTH_PASSWORD), is reachable unauthenticated at /mcp because …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another …
- Published
- 01/07/2026
Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026