Live Monitoring Active

Live Threat Pulse & Analytics

Monitor the latest security vulnerabilities in real-time. Gain insights into current threat trends and targeted technologies across the globe.

Last 30 Days
7789
New Vulnerabilities Analyzed
Emerging Pulse
460
Identified in Last 72 Hours
Severity Distribution
Critical (914)
High (3083)
Medium (2694)
Low (236)
Unknown (862)

Hot Tech Targets

* Click a technology to view its 30-day threat activity.

Emerging Pulse Feed

1 / 46
460 Emerging Pulse
Live monitoring active
Last synced: 7.9 02:54
CVE-2026-600027.8 01:16

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)

UnknownView Details
CVE-2026-600017.8 01:16

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.

UnknownView Details
CVE-2026-600007.8 01:16

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.

UnknownView Details
CVE-2026-599997.8 01:16

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.

UnknownView Details
CVE-2026-599987.8 01:16

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.

UnknownView Details
CVE-2026-599977.8 01:16

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.

UnknownView Details
CVE-2026-599967.8 01:16

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.

UnknownView Details
CVE-2026-599957.8 01:16

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.

UnknownView Details
CVE-2026-568437.8 01:16

Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This results in cross-tenant disclosure of other tenants' FTP credentials stored in cleartext, which can be leveraged to execute code as another tenant's system user.

UnknownView Details
CVE-2026-554387.8 01:16

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the workspace was resolved by ID without confirming the URL's username matched the real owner, while the CORS middleware trusted the unverified username in the hostname. Practical exploitation requires subdomain app routing (wildcard hostname) enabled and a victim who visits the attacker's crafted app URL while authenticated. The fix in versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2 validates the subdomain username against the resolved workspace's actual owner and bases the same-owner CORS decision on the authoritative owner identity. No known workarounds are available.

CoderView Details