Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

63 New today
62,264 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

295
Jun 2
151
Jun 3
354
Jun 4
517
Jun 5
109
Jun 6
32
Jun 7
255
Jun 8
658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
63
Jun 14
Jun 15
Critical
High
Medium
Low
Latest
CVE CVSS 8.7

@apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag_CVE-2026-53608

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package injects the Google Analytics Tracking ID (`seoGoogleTrackingId`) and Google Tag Manager ID (`seoGoogleTagManager`) directly into `<script>`...

CVE-2026-53608 apostrophecms @apostrophecms/seo <= 1.4.2
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.8 CVE-2026-53523

Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection_CVE-2026-53523

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the get...

nezhahq nezha >= 1.0.0, < 2.2.0 CVE
MEDIUM 6.5 CVE-2026-53522

Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS_CVE-2026-53522

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nez...

nezhahq nezha >= 1.0.0, < 2.2.0 CVE
MEDIUM 6.4 CVE-2026-53521

Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user’s DDNS profile context_CVE-2026-53521

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH ...

nezhahq nezha >= 2.0.14, < 2.1.0 CVE
MEDIUM 6.5 CVE-2026-53520

Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing_CVE-2026-53520

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authen...

nezhahq nezha >= 2.0.14, < 2.1.0 CVE
CRITICAL 9.1 CVE-2026-53519

Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key_CVE-2026-53519

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the ...

nezhahq nezha < 2.0.13 CVE
MEDIUM 5.3 CVE-2026-49397

Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data_CVE-2026-49397

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, privat...

nezhahq nezha >= 2.0.0, < 2.0.14 CVE
HIGH 7.1 CVE-2026-49396

Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim’s agents_CVE-2026-49396

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-...

nezhahq nezha >= 1.0.0, < 2.0.14 CVE
HIGH 7.1 CVE-2026-48119

Nezha Monitoring: Authenticated agents can forge service-monitor results for other users’ services_CVE-2026-48119

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authe...

nezhahq nezha >= 0.20.0, < 2.0.12 CVE
MEDIUM 6.4 CVE-2026-47268

Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host_CVE-2026-47268

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an au...

nezhahq nezha >= 0.20.0, < 2.0.10 CVE