Threat Intelligence Overview

CVE-2026-28270: Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators co

CVE-2026-28268: Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability exists in the password reset mechanism of vikunja/api that allows password r

CVE-2018-25160: HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an appli

CVE-2026-3255: HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in ra

CVE-2026-28354: ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify ano

CVE-2026-28231: pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of `_pillow_heif.c` allows an attac

CVE-2026-27947: Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF

CVE-2026-27836: phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF prote