Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Friday 3 July 2026 (18)
-
Confidence 100 20 MITREs 8 Malwares 11 IOCs 2 Observables 1 APT
-
Confidence 100 16 MITREs 108 IOCs 108 Observables
-
Confidence 100 1 Malware 45 IOCs
Vulnerabilities today (61)
An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the …
- Published
- 03/07/2026
Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined …
- Published
- 03/07/2026
The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2026
The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2026
The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2026
The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the post_comment API endpoint …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2026
The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2026
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2026
The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2026
The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2026
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send …
- Published
- 03/07/2026
In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal …
- Published
- 03/07/2026
The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2026
The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2026
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2026