Live vulnerability intelligence

Vulnerability Intelligence Center

Track, prioritise and act on the vulnerabilities that actually threaten your external attack surface — CVEs, exploits, EPSS, CISA KEV and trending attacks, unified in one continuously updated feed.

Live feed

Streaming live from the Patrowl Intelligence API.

CVE-2026-10583
today

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.

3.0

CVE-2026-10581
today

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used.

3.1

CVE-2026-8206
today

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. This makes it possible for unauthenticated attackers to send a password reset link for any user registered on the site to their own email address.

6.9

CVE-2026-3198
today

MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not include entries for `ListGatewaySecretInfos`, `ListGatewayEndpoints`, and `ListGatewayModelDefinitions`. This allows any authenticated user, regardless of their assigned permissions, to enumerate all gateway secrets, endpoints, and model definitions. This vulnerability exposes sensitive information, such as API keys, endpoint configurations, and proprietary model definitions, to unauthorized users.

5.3

CVE-2026-10567
today

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.7.0 will fix this issue. The identifier of the patch is c87682afa8df79853299f75489c9d333f7bc5fce. Upgrading the affected component is recommended.

3.0

CVE-2026-3870
today

A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.

3.3

CVE-2026-10510
today

Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web_action_data URL parameter.

0.0

CVE-2026-10568
today

A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit is now public and may be used.

3.1

CVE-2026-10565
today

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

2.7

CVE-2026-10100
today

The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, Link Color) in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values (they were registered with register_setting() and stored via the Settings API/update_option() with no sanitize_callback) combined with the values being output into a <style> block on wp-login.php using esc_attr(), which is incorrect for a CSS context (it does not escape ;, {, }, / or *). This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary CSS rules into the login page that are rendered for all unauthenticated visitors, enabling UI-redress and credential-phishing attacks.

4.2

Discover

Map your entire external attack surface automatically — domains, IPs, services and shadow IT.

Detect

Continuously match exposures against new CVEs, public exploits and CISA KEV entries.

Remediate

Prioritise with the Patrowl EASM risk score and act on what truly matters first.

Monitor

Stay ahead with real-time alerts the moment a threat starts trending.

The platform

Continuously protect what you expose on the Internet

Patrowl turns raw vulnerability data into prioritised, actionable intelligence — so your team spends time fixing what attackers will actually use.

Built for Claude · Open source

Turn Claude into a vulnerability analyst

patrowl-cve-analyst pulls correlated CVE, CVSS, EPSS, CISA KEV, public-exploit and trending-attack data from Patrowl Intelligence — and produces decision-grade risk briefs in seconds.

  • One prompt, full picture — CVSS, EPSS, KEV, public exploits and trending attacks correlated in a single call.
  • Decision-grade output. A risk verdict and remediation window, not raw JSON to parse.
  • Works in Claude Code, Claude Desktop or any Claude app — drop the skill in and prompt.
~/patrowl-cve-analyst
$ claude
> Use the patrowl-cve-analyst skill —
  brief me on CVE-2025-41115

┌─ Patrowl risk brief ───────────────────────┐
  EASM score   8.7 / 10   high              
  CVSS v4.0    9.1        v3.1   8.7      
  EPSS         12.4%      KEV    no       
  Public PoCs  2          Remote yes      
                                            
  Verdict Patch within 7 days. Trending     
          exploitation observed in the wild. 
└────────────────────────────────────────────┘

More than 100 companies trust us

European Investment Bank, MGEN Solution, Forvis Mazars, Colas, Heetch, Xplor

Take 15 minutes to discover our platform with our experts
