Threat Alerts

Real-time critical CVE alerts, security advisories, and vulnerability intelligence — curated by the Vulnios Threat Intelligence team.

500 Critical
0 High
500 Total Alerts
Follow on TelegramSubscribe via RSS
Filter:
500 alerts
criticalOSINT Alert
CVE-2026-6039CVE-2026-6040CVE-2026-6045

USN-8534-1: LibreOffice vulnerabilities

It was discovered that LibreOffice incorrectly handled importing DXF drawings. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arb

Ubuntu
ubuntulinuxpatch
Jul 13 · 10:52 PM
Read analysis
criticalCVE Alert
CVE-2026-62327

Critical Vulnerability: CVE-2026-62327

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sen

critical
Jul 13 · 10:19 PM
Read analysis
criticalCVE Alert
CVE-2026-59801

Critical Vulnerability: CVE-2026-59801

9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credenti

criticaldos
Jul 13 · 10:19 PM
Read analysis
criticalCVE Alert
CVE-2026-58409

Critical Vulnerability: CVE-2026-58409

ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution (RCE) on the server by installing a malicious plugin ZIP

criticalrce
Jul 13 · 9:19 PM
Read analysis
criticalCVE Alert
CVE-2024-1212

Critical Vulnerability: CVE-2024-1212 — progress — loadmaster

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.

progress· loadmaster
actively_exploitedcritical
Jul 13 · 9:19 PM
Read analysis
criticalVendor Advisory
CVE-2026-14324CVE-2026-14330

USN-8535-1: PipeWire vulnerabilities

It was discovered that PipeWire accepted unbounded Content-Length values in its RAOP module. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubun

Ubuntu
ubuntulinuxpatch
Jul 13 · 8:43 PM
Read analysis
criticalCVE Alert
CVE-2025-15608

Critical Vulnerability: CVE-2025-15608 — tp-link — archer_ax53_firmware, archer_ax53

This vulnerability in AX53 v1, AX55 v4 and AX55 v4.6 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer ov

tp-link· archer_ax53_firmware, archer_ax53
criticalrce
Jul 13 · 7:19 PM
Read analysis
criticalCVE Alert
CVE-2026-11913

Critical Vulnerability: CVE-2026-11913

vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*.

critical
Jul 13 · 7:19 PM
Read analysis
criticalCVE Alert
CVE-2026-15089

Critical Vulnerability: CVE-2026-15089

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*.

critical
Jul 13 · 7:19 PM
Read analysis
criticalCVE Alert
CVE-2026-61500

Critical Vulnerability: CVE-2026-61500

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random() generator and discloses outputs of the same generator to unauthenticated clients during

criticalrce
Jul 13 · 6:19 PM
Read analysis
criticalCVE Alert
CVE-2026-11964

Critical Vulnerability: CVE-2026-11964

The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated at

critical
Jul 13 · 6:19 PM
Read analysis
criticalCVE Alert
CVE-2026-41041

Critical Vulnerability: CVE-2026-41041

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to versio

critical
Jul 13 · 6:19 PM
Read analysis

Protect Your Organization

Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.