Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

69 New today

64,277 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Jun 21

Critical

High

Medium

Low

Latest

CVE CVSS 8.3

OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)_CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K (High-Throughput JPEG 2000) decoder, ht_undo_impl() in OpenEXRCore is vulnerable to a heap-buffer-overflo...

CVE-2026-45696 AcademySoftwareFoundation openexr >= 3.4.0, < 3.4.11

Jun 18, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.3	CVE-2026-8668	Hardcoded credentials in embedded content_CVE-2026-8668 A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained ten...	Progress Chef	Chef360	Jun 18, 2026	CVE
HIGH 8.6	CVE-2026-8100	CVE-2026-8100_CVE-2026-8100 Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions....	Progress Chef	Chef360	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-54130	M365 Copilot Information Disclosure Vulnerability_CVE-2026-54130 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:39.358Z”,&#82...	Microsoft	Microsoft 365 Copilot -	Jun 18, 2026	CVE
HIGH 7.7	CVE-2026-54017	Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal_CVE-2026-54017 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse prox...	open-webui	open-webui < 0.9.6	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-49205	phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)_CVE-2026-49205 phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 a...	thorsten	phpMyFAQ < 4.1.4	Jun 18, 2026	CVE
CRITICAL 9.9	CVE-2026-47647	Dynamics 365 Elevation of Privilege Vulnerability_CVE-2026-47647 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:40.084Z”,&#82...	Microsoft	Microsoft Dynamics 365 -	Jun 18, 2026	CVE
HIGH 7.5	CVE-2026-47633	Microsoft Cost Management Information Disclosure Vulnerability_CVE-2026-47633 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:37:36.850Z”,&#82...	Microsoft	Microsoft Cost Management -	Jun 18, 2026	CVE
HIGH 7.7	CVE-2026-32174	Azure Bot Service Elevation of Privilege Vulnerability_CVE-2026-32174 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:39:17.817Z”,&#82...	Microsoft	Azure AI Bot Service -	Jun 18, 2026	CVE
MEDIUM 4.8	CVE-2026-22674	Hashgraph Guardian Stored XSS via branding companyName field_CVE-2026-22674 Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users wit...	hashgraph	guardian	Jun 18, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)_CVE-2026-45696

Recent Advisories

Hardcoded credentials in embedded content_CVE-2026-8668

CVE-2026-8100_CVE-2026-8100

M365 Copilot Information Disclosure Vulnerability_CVE-2026-54130

Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal_CVE-2026-54017

phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)_CVE-2026-49205

Dynamics 365 Elevation of Privilege Vulnerability_CVE-2026-47647

Microsoft Cost Management Information Disclosure Vulnerability_CVE-2026-47633

Azure Bot Service Elevation of Privilege Vulnerability_CVE-2026-32174

Hashgraph Guardian Stored XSS via branding companyName field_CVE-2026-22674

Protect Your Attack Surface with RedGem

Security Intelligence
Feed