Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Wednesday 1 July 2026 (23)
-
Confidence 100 21 MITREs 5 Malwares 60 IOCs 21 Observables 1 APT
-
Confidence 100 12 MITREs 4 IOCs 4 Observables
-
Confidence 100 3 CVEs 19 MITREs 9 IOCs 8 Observables
-
Confidence 100 10 MITREs 4 Malwares 10 IOCs 4 Observables
-
Confidence 100 17 MITREs 1 Malware 16 IOCs 14 Observables 1 APT
Vulnerabilities today (203)
Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from …
- Published
- 01/07/2026
Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 01/07/2026
UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware when the EXPRESS_SESSION_SECRET …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026
A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 01/07/2026
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including, …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/07/2026