Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

316 New today
62,159 Total advisories

Daily Security Trends (Last 14 Days)

Advisories per day: May 31: 84, Jun 1: 417, Jun 2: 295, Jun 3: 151, Jun 4: 354, Jun 5: 517, Jun 6: 109, Jun 7: 32, Jun 8: 255, Jun 9: 658, Jun 10: 351, Jun 11: 245, Jun 12: 336, Jun 13: 18

Severity levels charted: Critical, High, Medium, Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.4 CVE-2026-53606

sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of...

apostrophecms sanitize-html < 2.17.5 CVE
HIGH 7.5 CVE-2026-4870

Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.

IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recu...

IBM Qiskit SDK 0.43.0 CVE
MEDIUM 5.3 CVE-2026-47264

Discourse: Don’t leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 4.3 CVE-2026-47263

Discourse: Prevent webhook payload disclosure on event redelivery

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 6.8 CVE-2026-45775

Discourse: Cross-site backup access via path traversal in multisite local backups

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 5.3 CVE-2026-45085

Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 5.3 CVE-2026-45014

Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scriptin...

apostrophecms apostrophe <= 4.29.0 CVE
HIGH 8.1 CVE-2026-45013

Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs t...

apostrophecms apostrophe <= 4.29.0 CVE
HIGH 7.6 CVE-2026-45012

Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request...

apostrophecms apostrophe <= 4.29.0 CVE