Live threat feed July 2, 2026 | 06:51 UTC
407 CVEs This Month
1 Actively Exploited
0 Ransomware Activity
28 Breaches YTD
Vulnerability Watch

Top 10 CVEs This Week

Prioritized using CISA KEV, EPSS, CVSS, and recency.

CVE-2026-56782 CVSS 9.8 EPSS 0.009

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is empty, which is the default configuration. Remote attackers can exfiltrate the entire database including user records, items, and feedback data containing personally identifiable information, or completely overwrite the dataset without authentication.

Critical severity issue in affected software published this week.

CVE-2026-13545 CVSS 8.8 EPSS 0.0156

A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Manipulation of the argument UID leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Newly published issue in affected software with notable risk signals for defenders.

CVE-2026-13763 CVSS 9.8 EPSS 0.005

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue only impacts HTTP/2 ALB target groups. To remediate this issue, customers should enable the "Inspect after sufficient data" target group configuration associated with the load balancer. Refer to: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/edit-target-group-attributes.html#waf-http2-inspection

Critical severity issue in affected software published this week.

CVE-2026-13762 CVSS 9.8 EPSS 0.0046

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was remediated server-side. No customer action is required.

Critical severity issue in affected software published this week.

CVE-2026-57331 CVSS 9.9 EPSS 0.0034

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site versions <= 7.4.8.

Critical severity issue in affected software published this week.
