🛡️ blast.kok.fyi / all

UNFILTERED firehose · refresh 2026-07-03 22:37 EEST · refresh every 15 min
1631 CISA KEV total · 25 KEV recent (top 25) · 25 CVEs published 7d · 4 Critical 7d · 50 Security headlines · 120 Vendor updates · 15 WordPress

🚨 CISA KEV — recently added

⚠️ KEV contains historical CVEs (CVE-2008, CVE-2010 etc) that are currently being actively exploited. Watch the "ADDED" date — that's when CISA confirmed active exploitation in 2026, NOT when the CVE was published.
ADDED 2026-07-01 · CVE-2026-45659 — Microsoft SharePoint Server
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
ADDED 2026-06-29 · CVE-2026-48558 — SimpleHelp SimpleHelp
SimpleHelp Authentication Bypass Vulnerability
ADDED 2026-06-25 · CVE-2026-12569 — PTC Windchill and FlexPLM
PTC Windchill and FlexPLM Improper Input Validation Vulnerability
ADDED 2026-06-25 · CVE-2026-20230 — Cisco Unified Communications Manager
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
ADDED 2026-06-23 · CVE-2025-67038 — Lantronix EDS5000
Lantronix EDS5000 Code Injection Vulnerability
ADDED 2026-06-23 · CVE-2026-34910 — Ubiquiti UniFi OS
Ubiquiti UniFi OS Improper Input Validation Vulnerability
ADDED 2026-06-23 · CVE-2026-34909 — Ubiquiti UniFi OS
Ubiquiti UniFi OS Path Traversal Vulnerability
ADDED 2026-06-23 · CVE-2026-34908 — Ubiquiti UniFi OS
Ubiquiti UniFi OS Improper Access Control Vulnerability
ADDED 2026-06-18 · CVE-2026-20253 — Splunk Enterprise
Splunk Enterprise Missing Authentication for Critical Function Vulnerability
ADDED 2026-06-16 · CVE-2026-48907 — Widget Factory Joomla Content Editor
Widget Factory Joomla Content Editor Improper Access Control Vulnerability
ADDED 2026-06-15 · CVE-2026-54420 — LiteSpeed cPanel Plugin
LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
ADDED 2026-06-15 · CVE-2026-20262 — Cisco Catalyst SD-WAN Manager
Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability
ADDED 2026-06-12 · RANSOMWARE · CVE-2026-35273 — Oracle PeopleSoft Enterprise PeopleTools
Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
ADDED 2026-06-11 · CVE-2026-10520 — Ivanti Sentry
Ivanti Sentry OS Command Injection Vulnerability
ADDED 2026-06-09 · CVE-2026-11645 — Google Chromium V8
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
ADDED 2026-06-09 · CVE-2026-7473 — Arista Extensible Operating System
Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
ADDED 2026-06-09 · CVE-2026-20245 — Cisco Catalyst SD-WAN Manager
Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
ADDED 2026-06-08 · CVE-2026-42271 — BerriAI LiteLLM
BerriAI LiteLLM Command Injection Vulnerability
ADDED 2026-06-08 · RANSOMWARE · CVE-2026-50751 — Check Point Security Gateway
Check Point Security Gateway Improper Authentication Vulnerability
ADDED 2026-06-05 · CVE-2026-28318 — SolarWinds Serv-U
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
ADDED 2026-06-03 · CVE-2026-45247 — Mirasvit Mirasvit Full Page Cache Warmer
Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability
ADDED 2026-06-02 · CVE-2022-0492 — Linux Kernel
Linux Kernel Improper Authentication Vulnerability
ADDED 2026-06-02 · CVE-2025-48595 — Android Framework
Android Framework Integer Overflow Vulnerability
ADDED 2026-06-01 · CVE-2024-21182 — Oracle WebLogic Server
Oracle WebLogic Server Unspecified Vulnerability
ADDED 2026-05-29 · CVE-2026-0257 — Palo Alto Networks PAN-OS
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

📋 NVD — recent CVEs (7 days)

Unknown · CVE-2026-53287
In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records __audit_log_capset() records the effective capability set into the i
2026-06-26 23:17
Unknown · CVE-2026-53286
In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-after-free in aux device error paths When auxiliary_device_add() fails in idpf_plug_vport_aux_dev()
2026-06-26 23:17
Unknown · CVE-2026-53285
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED [Why] dcn32_validate_bandwidth() wraps dcn3
2026-06-26 23:17
HIGH · CVE-2026-53284
In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes [WARNING] With extra warning on dirty extent buffers at umount
2026-06-26 23:17 · CVSS 7.5
Unknown · CVE-2026-53283
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in __rlookup_amd_iommu() iommu_device_register() walks every device on the PCI bus via bus_for_each_
2026-06-26 23:17
Unknown · CVE-2026-53282
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Push kjump return address even for non-kjump kexec The version of purgatory code shipped by kexec-tools attempts to loo
2026-06-26 23:17
HIGH · CVE-2026-53281
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d ("iommu/vt-d: Avoid use of NULL after WARN_O
2026-06-26 23:17 · CVSS 8.8
Unknown · CVE-2026-53280
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done() Local sashiko review pointed it out that group->domain cou
2026-06-26 23:17
Unknown · CVE-2026-53279
In the Linux kernel, the following vulnerability has been resolved: drm/gma500/oaktrail_lvds: fix hang on init failure The LVDS init code looks up an I2C adapter using i2c_get_adapter() and tries to
2026-06-26 23:17
Unknown · CVE-2026-53278
In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Check whether the config array is allocated before destroying it __destroy_component_cfg() is called to free the configu
2026-06-26 23:17
CRITICAL · CVE-2026-52785
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers to r
2026-06-26 23:17 · CVSS 9.9
HIGH · CVE-2026-52784
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "user[admin]". This vulnerability is fixe
2026-06-26 23:17 · CVSS 8.8
HIGH · CVE-2026-52783
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access_token plaintext to Rai
2026-06-26 23:17 · CVSS 8.2
CRITICAL · CVE-2026-52782
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_
2026-06-26 23:17 · CVSS 9.9
MEDIUM · CVE-2026-52781
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants <macro> elements unrestricted data-* attributes via :data wildcard. An attacker
2026-06-26 23:17 · CVSS 6.4
CRITICAL · CVE-2026-52780
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed in 17.3.3 and 17.
2026-06-26 23:17 · CVSS 9.6
MEDIUM · CVE-2026-52779
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusion in the Calendar and Team Planner modules allows a
2026-06-26 23:17 · CVSS 5.4
HIGH · CVE-2026-49991
RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the S
2026-06-26 23:17 · CVSS 8.6
MEDIUM · CVE-2026-49355
OpenProject is open-source, web-based project management software. Prior to 17.4.0, `GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id` discloses private work package data from a linked wo
2026-06-26 23:17 · CVSS 4.3
HIGH · CVE-2026-47193
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field vis
2026-06-26 23:17 · CVSS 7.5
CRITICAL · CVE-2026-46386
OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERWRITE_ME as the default Rails master key.
2026-06-26 23:17 · CVSS 9.9
MEDIUM · CVE-2026-44736
OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject (title) of
2026-06-26 23:17 · CVSS 6.5
MEDIUM · CVE-2026-44735
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with
2026-06-26 23:17 · CVSS 6.5
MEDIUM · CVE-2026-44734
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and updat
2026-06-26 23:17 · CVSS 6.5
MEDIUM · CVE-2026-44733
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password
2026-06-26 23:17 · CVSS 5.9

📰 Security headlines

Re: Fwd: Node.js security updates for all active release lines, June 2026
OSS-Security (Marcel-tier disclosure list) · 2026-07-03 01:39
CVE-2026-43503: Analysis of the "DirtyClone" Linux LPE (Dirty Frag family variant)
OSS-Security (Marcel-tier disclosure list) · 2026-07-03 01:32
FBI Seizes NetNut Proxy Platform, Popa Botnet
Krebs on Security · 2026-07-02 22:27
OpenBlow Multiple Deanonymization Vulnerabilities
Full-Disclosure · 2026-07-02 21:40
APPLE-SA-06-29-2026-3 Safari 26.5.2
Full-Disclosure · 2026-07-02 21:25
APPLE-SA-06-29-2026-2 macOS Tahoe 26.5.2
Full-Disclosure · 2026-07-02 21:25
APPLE-SA-06-29-2026-1 iOS 26.5.2 and iPadOS 26.5.2
Full-Disclosure · 2026-07-02 21:25
Catan and Mouse
Cisco Talos · 2026-07-02 21:00
CubeSpace CW0057 Reaction Wheel
CISA Alerts · 2026-07-02 15:00
Gardyn IoT Hub
CISA Alerts · 2026-07-02 15:00
ST Engineering iDirect iQ-Series Terminals
CISA Alerts · 2026-07-02 15:00
Cybersecurity Mission Creep in the US
Schneier · 2026-07-02 14:11
MAD Bugs: My Cousin Vinyl (CVE-2026-50052)
Calif (security research, HTTP/2/TLS/web protocols) · 2026-07-01 17:36
Papa Johns Surveillance-Based Advertising
Schneier · 2026-07-01 13:53
The Realities of AI Video Surveillance
Schneier · 2026-06-30 15:05

🏷️ Vendor updates

Friday Five — July 3, 2026
Red Hat · 2026-07-03 03:00
USN-8503-1: ncurses vulnerability
Ubuntu Security · 2026-07-03 01:04
USN-8500-1: Vim vulnerabilities
Ubuntu Security · 2026-07-02 19:46
USN-8501-1: Linux kernel vulnerabilities
Ubuntu Security · 2026-07-02 19:14
USN-8493-2: Linux kernel (Oracle) vulnerabilities
Ubuntu Security · 2026-07-02 19:07
USN-8499-1: Linux kernel (Xilinx) vulnerabilities
Ubuntu Security · 2026-07-02 18:56
Your Patch Cycle Is Already Behind.
SUSE Security · 2026-07-01 20:36
pgtt v4.5 has been released
PostgreSQL · 2026-06-28 03:00
pg_qualstats 2.1.4 is out!
PostgreSQL · 2026-06-26 03:00
pg_stat_kcache 2.3.2 is out!
PostgreSQL · 2026-06-26 03:00
SUSE Multi-Linux Manager 5.x on Azure
SUSE Security · 2026-06-24 17:15
AlmaLinux OS is Common Criteria certified
AlmaLinux · 2026-06-24 03:00
Critical Security Patch Update Advisory - June 2026
Oracle Security · 2026-06-16 15:30
Oracle Security Alert Advisory - CVE-2026-35273
Oracle Security · 2026-06-11 04:00
mTLS Policies in NGINX Ingress Controller
nginx blog · 2026-06-08 18:44
HTTP/2 Bomb Vulnerability
LiteSpeed · 2026-06-05 14:56
Security Update for LiteSpeed cPanel Plugin
LiteSpeed · 2026-06-01 19:04
The Future of The Patchstack Bug Bounty Program
Patchstack (WP Vulns) · 2026-05-29 14:00
Critical Security Patch Update Advisory - May 2026
Oracle Security · 2026-05-28 22:30
CIFSwitch (CVE-2026-46243) Patches Released
AlmaLinux · 2026-05-28 03:00
Security Update for LSCWP
LiteSpeed · 2026-05-27 17:42
Security Update for LiteSpeed cPanel Plugin
LiteSpeed · 2026-05-21 18:04
Stretch Your Hardware Budget With LiteSpeed
LiteSpeed · 2026-05-11 13:00
Oracle Critical Patch Update Advisory - April 2026
Oracle Security · 2026-04-21 22:30
HostArmada Adds Patchstack to Its Security Stack
Patchstack (WP Vulns) · 2026-04-21 15:28
EasyApache 4 25.69
cPanel Releases
EasyApache 4 25.68
cPanel Releases
Sitejet Builder 4.10.0-1
cPanel Releases
EasyApache 4 25.67
cPanel Releases
dnsdist-2.1.0
PowerDNS
auth-5.1.3
PowerDNS
auth-5.1.2
PowerDNS
auth-5.0.6
PowerDNS
auth-4.9.16
PowerDNS