Threat Alerts
Real-time critical CVE alerts, security advisories, and vulnerability intelligence — curated by the Vulnios Threat Intelligence team.
USN-8534-1: LibreOffice vulnerabilities
It was discovered that LibreOffice incorrectly handled importing DXF drawings. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arb
Critical Vulnerability: CVE-2026-62327
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sen
Critical Vulnerability: CVE-2026-59801
9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credenti
Critical Vulnerability: CVE-2026-58409
ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution (RCE) on the server by installing a malicious plugin ZIP
Critical Vulnerability: CVE-2024-1212 — progress — loadmaster
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
USN-8535-1: PipeWire vulnerabilities
It was discovered that PipeWire accepted unbounded Content-Length values in its RAOP module. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubun
Critical Vulnerability: CVE-2025-15608 — tp-link — archer_ax53_firmware, archer_ax53
This vulnerability in AX53 v1, AX55 v4 and AX55 v4.6 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer ov
Critical Vulnerability: CVE-2026-11913
vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*.
Critical Vulnerability: CVE-2026-15089
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*.
Critical Vulnerability: CVE-2026-61500
Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random() generator and discloses outputs of the same generator to unauthenticated clients during
Critical Vulnerability: CVE-2026-11964
The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated at
Critical Vulnerability: CVE-2026-41041
URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to versio
Protect Your Organization
Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.