Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

66 New today

64,343 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

Jun 22

Critical

High

Medium

Low

Latest

CVE CVSS 6.8

PraisonAI – Tool Approval Cache Bypass via Coarse-Grained Caching_CVE-2026-56074

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate...

CVE-2026-56074 PraisonAI PraisonAI

Jun 18, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-52866	Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Missing Authorization_CVE-2026-52866 An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applica...	Apollo Pharmacy	Blood Glucose Monitoring System (Model No. APG-01 BT) 0x0110_v1.1.0	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-50034	Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information_CVE-2026-50034 An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including gl...	Apollo Pharmacy	Blood Glucose Monitoring System (Model No. APG-01 BT) 0x0110_v1.1.0	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-40624	AVer PTC cameras Files or Directories Accessible to External Parties_CVE-2026-40624 Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary...	AVer	PTC500S *	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-12050	pgAdmin 4: SQL injection in named restore point endpoint_CVE-2026-12050 SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was int...	pgadmin.org	pgAdmin 4 1.0	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-12049	pgAdmin 4: Open redirect in multi-factor authentication flow via unvalidated ‘next’ parameter_CVE-2026-12049 Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form...	pgadmin.org	pgAdmin 4 6.0	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2026-12048	pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser_CVE-2026-12048 Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messa...	pgadmin.org	pgAdmin 4 6.0	Jun 18, 2026	CVE
LOW 3.5	CVE-2026-12047	pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text_CVE-2026-12047 HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /...	pgadmin.org	pgAdmin 4 6.6	Jun 18, 2026	CVE
CRITICAL 9	CVE-2026-12046	pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution_CVE-2026-12046 Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connec...	pgadmin.org	pgAdmin 4 6.9	Jun 18, 2026	CVE
CRITICAL 9	CVE-2026-12045	pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution_CVE-2026-12045 Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execut...	pgadmin.org	pgAdmin 4 9.13	Jun 18, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

PraisonAI – Tool Approval Cache Bypass via Coarse-Grained Caching_CVE-2026-56074

Recent Advisories

Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Missing Authorization_CVE-2026-52866

Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information_CVE-2026-50034

AVer PTC cameras Files or Directories Accessible to External Parties_CVE-2026-40624

pgAdmin 4: SQL injection in named restore point endpoint_CVE-2026-12050

pgAdmin 4: Open redirect in multi-factor authentication flow via unvalidated ‘next’ parameter_CVE-2026-12049

pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser_CVE-2026-12048

pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text_CVE-2026-12047

pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution_CVE-2026-12046

pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution_CVE-2026-12045

Protect Your Attack Surface with RedGem

Security Intelligence
Feed