What's happening in cyber, in plain English
We pull from NCSC, CISA, Have I Been Pwned and the NVD every six hours, then summarise each item into what it is, who it affects, and what you can do about it.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-5958 Race Condition in GNU Sed
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-31494 net: macb: use the current queue number for stats
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-41988
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-41989
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
  Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
  CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()
  Information published.
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 24 Apr 2026 · summary pending
  CVE-2026-5364 — The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulner…
  The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 24 Apr 2026 · summary pending
  CVE-2026-6947 — DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Byp…
  DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device.
- Critical · CVE · CISA — Known Exploited Vulnerabilities · 24 Apr 2026 · summary pending
  CVE-2025-29635 — D-Link DIR-823X Command Injection Vulnerability
  D-Link DIR-823X. D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted pro
- Critical · CVE · CISA — Known Exploited Vulnerabilities · 24 Apr 2026 · summary pending
  CVE-2024-57726 — SimpleHelp Missing Authorization Vulnerability
  SimpleHelp SimpleHelp. SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. Required act
- Critical · CVE · CISA — Known Exploited Vulnerabilities · 24 Apr 2026 · summary pending
  CVE-2024-7399 — Samsung MagicINFO 9 Server Path Traversal Vulnerability
  Samsung MagicINFO 9 Server. Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 gu
- Critical · CVE · CISA — Known Exploited Vulnerabilities · 24 Apr 2026 · summary pending
  CVE-2024-57728 — SimpleHelp Path Traversal Vulnerability
  SimpleHelp SimpleHelp. SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
  CVE-2026-41361 — OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fail…
  OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
  CVE-2026-41359 — OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowin…
  OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write cred
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
  CVE-2026-41355 — OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability i…
  OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiti
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
  CVE-2026-41353 — OpenClaw before 2026.3.22 contains an access control bypass vulnerability in th…
  OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
  CVE-2026-41352 — OpenClaw before 2026.3.31 contains a remote code execution vulnerability where…
  OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system withou
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
  CVE-2026-41349 — OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allo…
  OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
  CVE-2026-41347 — OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endp…
  OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy dep
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
  CVE-2026-41342 — OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in th…
  OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding t
- High · CVE · NVD — high/critical CVEs (rolling 7d) · 23 Apr 2026 · summary pending
  CVE-2026-41336 — OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_…
  OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execut
Sources are pulled directly from each provider's public feed and never modified. AI summaries are produced for plain-English readability and are clearly labelled — always follow the source link for the authoritative advisory.