Security Feeds

A living view of what actually matters right now: vulnerabilities under active exploitation, new high-severity CVEs, AI security research and incidents, and fresh threat intel — each with impact, remediation, and a risk rating computed from CISA KEV listing, CVSS, and EPSS exploit-prediction scores. Updated automatically twice a day. Click any row for details.

CISA Known Exploited VulnerabilitiesNIST NVD — new high/critical CVEs (7 days)GitHub Security AdvisoriesSANS Internet Storm Centerabuse.ch ThreatFox (24h IOCs)abuse.ch URLhaus (recent malware URLs)arXiv — LLM/AI security researchAI Incident DatabaseEmbrace The Red (AI red-teaming)Last updated 2026-07-12 14:38 UTC

Known-exploited or highest-likelihood items across all sources.

criticalCVE-2026-61447 (CVSS 10)AI

PraisonAI versions before 1.6.78 allow remote code execution through the CodeAgent._execute_python() function, which executes LLM-generated Python code without validation or sandboxing. Attackers can inject prompts to manipulate the LLM output and execute arbitrary code or steal environment secrets.

Impact: Any organization using PraisonAI versions before 1.6.78 in production faces complete system compromise, including unauthorized code execution and credential theft on affected hosts.

Remediation: Upgrade PraisonAI to version 1.6.78 or later immediately. If immediate upgrade is not possible, disable or isolate the CodeAgent component and remove sensitive environment variables from systems running affected versions.

NIST NVD — new high/critical CVEs (7 days)CVSS 10EPSS 0.5%View at sourceCheck on VirusTotal

criticalCVE-2026-57827 (CVSS 10)

CVE-2026-57827 is a critical vulnerability in the Joomla RSFiles extension that allows unauthenticated attackers to upload arbitrary executable files, resulting in remote code execution. The vulnerability is network-exploitable with no authentication required.

Impact: Any Joomla installation running the vulnerable RSFiles extension is at critical risk of complete server compromise and data breach by remote attackers.

Remediation: Immediately update the RSFiles extension to the latest patched version, or disable and remove the extension if an update is unavailable. If the extension cannot be updated promptly, restrict access to the upload functionality at the web server or firewall level.

NIST NVD — new high/critical CVEs (7 days)CVSS 10EPSS 0.3%View at sourceCheck on VirusTotal

criticalCVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability

Balbooa Forms contains an unrestricted file upload vulnerability allowing unauthenticated attackers to upload executable files without validation. This vulnerability is currently being exploited in the wild and can lead to remote code execution.

Impact: All systems running vulnerable Balbooa Forms are at critical risk of complete compromise through remote code execution by unauthenticated attackers.

Remediation: Update Balbooa Forms to a patched version immediately and implement server-side file type validation and restrictions on upload directories. Disable execution permissions on upload folders and restrict access to form upload functionality.

CISA Known Exploited VulnerabilitiesEPSS 0.8%View at sourceCheck on VirusTotal

criticalCVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability

CVE-2026-48939 is an unrestricted file upload vulnerability in iCagenda that allows attackers to upload arbitrary files through the file attachment feature, enabling PHP code execution. This vulnerability is currently being actively exploited in the wild.

Impact: Any organization using iCagenda is at immediate risk of remote code execution and full server compromise due to active exploitation.

Remediation: Update iCagenda to a patched version immediately and implement server-side file type validation that whitelist only safe file extensions and MIME types. Disable PHP execution in upload directories via web server configuration.

CISA Known Exploited VulnerabilitiesEPSS 1.5%View at sourceCheck on VirusTotal

criticalCVE-2026-54769 (CVSS 10)AI

Langroid versions before 0.65.2 contain a sandbox escape vulnerability in TableChatAgent and VectorStore that allows remote code execution when LLM-generated tool messages are evaluated with full_eval=True. An attacker can exploit this through LLM-controlled input to execute arbitrary code on affected systems.

Impact: Any application using vulnerable Langroid versions with these agents is at critical risk of complete system compromise through remote code execution via network-accessible LLM interfaces.

Remediation: Upgrade Langroid to version 0.65.2 or later immediately. Review any deployments using TableChatAgent or VectorStore with full_eval enabled and disable this setting until patched.

NIST NVD — new high/critical CVEs (7 days)CVSS 10EPSS 0.9%View at sourceCheck on VirusTotal

criticalCVE-2026-55500 (CVSS 9.9)

9Router versions before 0.4.80 expose an unauthenticated database endpoint that allows attackers to export the complete database containing all stored credentials, API keys, and OAuth tokens, or import a malicious database to overwrite the entire system. The vulnerability requires only basic middleware validation and no additional authentication c…

Impact: Any attacker with network access to the 9Router instance can steal all stored secrets and credentials or completely compromise system integrity by overwriting the database, affecting all users and in…

Remediation: Upgrade 9Router to version 0.4.80 or later immediately. If immediate upgrade is not possible, restrict network access to the /api/settings/database endpoint using a firewall or reverse proxy until patching can be completed.

NIST NVD — new high/critical CVEs (7 days)CVSS 9.9EPSS 0.7%View at sourceCheck on VirusTotal

criticalCVE-2026-57807 (CVSS 9.8)

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO (OAuth Client): from n/a through 38.5.8.

Impact: CRITICAL severity, network-exploitable

Remediation: Apply the vendor patch or mitigation linked in the advisory references.

NIST NVD — new high/critical CVEs (7 days)CVSS 9.8EPSS 0.4%View at sourceCheck on VirusTotal

criticalCVE-2026-12761 (CVSS 9.8)

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow accepting an arbitrary email address via the 'email_field' POST parameter without verifying that the email belongs to the identity returned by the OAut…

Impact: CRITICAL severity, network-exploitable

Remediation: Apply the vendor patch or mitigation linked in the advisory references.

NIST NVD — new high/critical CVEs (7 days)CVSS 9.8EPSS 0.5%View at sourceCheck on VirusTotal

criticalCVE-2026-5801 (CVSS 9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026.

Impact: CRITICAL severity, network-exploitable

Remediation: Apply the vendor patch or mitigation linked in the advisory references.

NIST NVD — new high/critical CVEs (7 days)CVSS 9.8EPSS 0.4%View at sourceCheck on VirusTotal

criticalCVE-2026-2397 (CVSS 9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Impact: CRITICAL severity, network-exploitable

Remediation: Apply the vendor patch or mitigation linked in the advisory references.

NIST NVD — new high/critical CVEs (7 days)CVSS 9.8EPSS 0.3%View at sourceCheck on VirusTotal

criticalCVE-2026-40008 (CVSS 9.8)

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName().newInstance() without any validation or allowlisting. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the iss…

Impact: CRITICAL severity, network-exploitable

Remediation: Apply the vendor patch or mitigation linked in the advisory references.

NIST NVD — new high/critical CVEs (7 days)CVSS 9.8EPSS 0.3%View at sourceCheck on VirusTotal

criticalCVE-2026-28564 (CVSS 9.8)

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.

Impact: CRITICAL severity, network-exploitable

Remediation: Apply the vendor patch or mitigation linked in the advisory references.

NIST NVD — new high/critical CVEs (7 days)CVSS 9.8EPSS 0.4%View at sourceCheck on VirusTotal

criticalCVE-2026-15282 (CVSS 9.8)

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insapp_upload_image_as_attachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Impact: CRITICAL severity, network-exploitable

Remediation: Apply the vendor patch or mitigation linked in the advisory references.

NIST NVD — new high/critical CVEs (7 days)CVSS 9.8EPSS 0.7%View at sourceCheck on VirusTotal

criticalCVE-2026-14894 (CVSS 9.8)

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missing file type validation and the absence of any capability check on the submit_form nopriv AJAX handler, whose only barrier is a session nonce freely obtainable by unauthenticated visitors via a separa…

Impact: CRITICAL severity, network-exploitable

Remediation: Apply the vendor patch or mitigation linked in the advisory references.

NIST NVD — new high/critical CVEs (7 days)CVSS 9.8EPSS 0.5%View at sourceCheck on VirusTotal

criticalTSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation

TSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation

Impact: critical severity in go: github.com/almeidapaulopt/tsdproxy

Remediation: Upgrade github.com/almeidapaulopt/tsdproxy to 1.4.4-0.20260603142855-434819b4421e

GitHub Security AdvisoriesCVSS 9View at source