FACTUALRISK Cyber Intelligence
Mise à jour : 15 Jul 2026 · 00:03
← Accueil
🗞 Briefing
💥 Menaces
🛡 Vulnérabilités
📋 Conformité
📚 Guides
← Retour FactualRisk
ITW / KEV actifs
21
exploitation confirmée
GreyNoise trending
0
scan massif actif
PoC publics
3
dans la période
Exploit-DB nouveaux
19
PoC RSS
📡 ITW confirmé
Splunk / EnterpriseCVSS 9.8EPSS 0.882Score 250
Splunk Enterprise Missing Authentication for Critical Function Vulnerability
Ubiquiti / UniFi OSCVSS 10.0EPSS 0.786Score 229
Ubiquiti UniFi OS Improper Input Validation Vulnerability
Widget Factory / Joomla Content Editor CVSS 9.8EPSS 0.804Score 225
Widget Factory Joomla Content Editor Improper Access Control Vulnerability
Cisco / Unified Communications ManagerCVSS 8.6EPSS 0.417Score 177
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
Adobe / ColdFusionCVSS 10.0EPSS 0.286Score 169
Adobe ColdFusion Path Traversal Vulnerability
Ubiquiti / UniFi OSCVSS 10.0EPSS 0.023Score 138
Ubiquiti UniFi OS Path Traversal Vulnerability
Joomlack / Page BuilderCVSS 9.8EPSS 0.029Score 137
Joomlack Page Builder Improper Access Control Vulnerability
JoomShaper / SP Page BuilderCVSS 9.8EPSS 0.016Score 136
JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
iCagenda / iCagendaCVSS 9.8EPSS 0.015Score 136
iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
PTC / Windchill and FlexPLMCVSS 9.8EPSS 0.012Score 135
PTC Windchill and FlexPLM Improper Input Validation Vulnerability
CVE-2026-15409NOUVEAUKEVITW
SonicWall / SMA1000 AppliancesCVSS 10.0EPSS 0.000Score 135
SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability
Lantronix / EDS5000CVSS 9.8EPSS 0.009Score 135
Lantronix EDS5000 Code Injection Vulnerability
CVE-2026-56291NOUVEAUKEVITW
Balbooa / FormsCVSS 9.8EPSS 0.008Score 135
Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
Ubiquiti / UniFi OSCVSS 10.0EPSS 0.025Score 133
Ubiquiti UniFi OS Improper Access Control Vulnerability
Microsoft / SharePoint ServerCVSS 8.8EPSS 0.032Score 132
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
SimpleHelp / SimpleHelpCVSS 10.0EPSS 0.012Score 131
SimpleHelp Authentication Bypass Vulnerability
Langflow / LangflowCVSS 8.4EPSS 0.006Score 121
Langflow Authorization Bypass Through User-Controlled Key Vulnerability
CVE-2026-15410NOUVEAUKEVITW
SonicWall / SMA1000 AppliancesCVSS 7.2EPSS 0.000Score 118
SonicWall SMA1000 Appliances Code Injection Vulnerability
CVE-2026-56155NOUVEAUKEVITW
Microsoft / Active Directory Federation ServicesCVSS 7.8EPSS 0.000Score 117
Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
CVE-2026-56164NOUVEAUKEVITW
Microsoft / SharePoint ServerCVSS 5.3EPSS 0.000Score 107
Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability
📡 GreyNoise — Scans massifs actifs
GreyNoise non configuré — ajoutez GREYNOISE_API_KEY pour voir les scans massifs actifs.
💣 Exploit-DB — PoC publics récents
[webapps] Krayin CRM v2.2.x - Authenticated Remote Code Execution
📅 08 July 2026EDB-52629
Krayin CRM v2.2.x - Authenticated Remote Code Execution
[webapps] Atarim WordPress Plugin 4.2.2 - Sensitive Information Exposure
📅 08 July 2026EDB-52628
Atarim WordPress Plugin 4.2.2 - Sensitive Information Exposure
[webapps] Langflow 1.9.0 - RCE
📅 08 July 2026EDB-52627
Langflow 1.9.0 - RCE
[webapps] Joomla Page Builder CK 3.5.10 - Arbitrary File Upload
📅 08 July 2026EDB-52626
Joomla Page Builder CK 3.5.10 - Arbitrary File Upload
[webapps] MCPJam Inspector - Remote Code Execution
📅 07 July 2026EDB-52625
MCPJam Inspector - Remote Code Execution
[local] ProtonVPN v4.4.1 - Unquoted Service Path
📅 07 July 2026EDB-52624
ProtonVPN v4.4.1 - Unquoted Service Path
[webapps] Flowise 3.1.3 - arbitrary code execution
📅 07 July 2026EDB-52623
Flowise 3.1.3 - arbitrary code execution
[remote] Hydra - Stack Buffer Overflow
📅 07 July 2026EDB-52622
Hydra - Stack Buffer Overflow
[webapps] Discuz! X5.0 - Authentication Bypass
📅 07 July 2026EDB-52621
Discuz! X5.0 - Authentication Bypass
[webapps] Tenable Nessus 10.12.1 - SQL Injection
📅 07 July 2026EDB-52620
Tenable Nessus 10.12.1 - SQL Injection
[webapps] WordPress Bricks Builder Theme - RCE
📅 07 July 2026EDB-52619
WordPress Bricks Builder Theme - RCE
[remote] iOS Bluetooth PAN Exploit - Ethernet Gateway without Adapter
📅 07 July 2026EDB-52618
iOS Bluetooth PAN Exploit - Ethernet Gateway without Adapter
[webapps] Joomla Extension 4.1.4 - PHP Object injection
📅 06 July 2026EDB-52617
Joomla Extension 4.1.4 - PHP Object injection
[webapps] Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
📅 06 July 2026EDB-52616
Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
[local] MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation
📅 06 July 2026EDB-52615
MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation
[webapps] KeepInMind 0.8.4.2 - Stored XSS
📅 06 July 2026EDB-52614
KeepInMind 0.8.4.2 - Stored XSS
[webapps] KNX visualisering - Broken Access Control
📅 06 July 2026EDB-52613
KNX visualisering - Broken Access Control
[local] Windows Defender (MsMpEng.exe) - Race Condition
📅 06 July 2026EDB-52612
Windows Defender (MsMpEng.exe) - Race Condition
[webapps] WordPress Plugin WPZOOM Portfolio 1.4.21 - Reflected Cross-Site Scripting (XSS)
📅 06 July 2026EDB-52611
WordPress Plugin WPZOOM Portfolio 1.4.21 - Reflected Cross-Site Scripting (XSS)
🔬 CVEs avec PoC connu
CVE-2026-45262NOUVEAUPoC
composer / facturascripts/facturascriptsCVSS 9.9EPSS 0.000Score 72
FacturaScripts: Authenticated SQL injection in the FacturaScripts REST API filter parameter via parenthesis bypass in `Where::sqlColumn`
npm / wsCVSS 7.5EPSS 0.008Score 64
ws: Memory exhaustion DoS from tiny fragments and data chunks
CVE-2026-45263NOUVEAUPoC
composer / facturascripts/facturascriptsCVSS 8.0EPSS 0.000Score 56
FacturaScripts: CSV formula injection in CSVExport allows authenticated low-priv users to plant payloads that execute when an admin opens the export

L'écosystème

Digimoove ESN Paris — Cyber · Cloud · Automatisation IA · Observabilité NAIvigate Veille & formation IA FactualRisk est une marque de l'écosystème Digimoove