Threat intelligence dashboard
Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.
Attack reports – last 7 days · through Wednesday 8 July 2026 (18)
-
Confidence 100 20 MITREs 5 Malwares 27 IOCs 27 Observables
-
Confidence 100 4 CVEs 20 MITREs 1 Malware 13 IOCs 11 Observables
-
Confidence 100 2 Malwares 8 IOCs 8 Observables 1 APT
Vulnerabilities today (44)
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the `AgentLogLine` dashboard component …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `CreateSubAgent` RPC did …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 08/07/2026
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 08/07/2026
Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files …
- Published
- 08/07/2026