Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

147 New today

64,446 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

125

Jun 22

Critical

High

Medium

Low

Latest

CVE CVSS 6.9

OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input_CVE-2026-56099

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Sta...

CVE-2026-56099 openbsd src

Jun 18, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.8	CVE-2026-48983	pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution_CVE-2026-48983 pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in p...	mcdope	pam_usb < 0.9.2	Jun 18, 2026	CVE
MEDIUM 5.8	CVE-2026-48982	pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race_CVE-2026-48982 pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a...	mcdope	pam_usb < 0.9.2	Jun 18, 2026	CVE
MEDIUM 6.7	CVE-2026-48981	pam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c_CVE-2026-48981 pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pam_usb calls xmlReadFile() with fla...	mcdope	pam_usb < 0.9.2	Jun 18, 2026	CVE
MEDIUM 6.3	CVE-2026-48980	pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic_CVE-2026-48980 pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION,...	mcdope	pam_usb < 0.9.2	Jun 18, 2026	CVE
NONE	THN:61A3E81EE06...	Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites_THN:61A3E81EE060D294ED20FB1D0B47CAB5 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1-D7cu6ZQpoZXfPa_eYHuQijjkt6mJRjmoIS9eSnCGPPgyXNz-AChti_zkCGmlefTdBm5bvbyxXbrJVbpVJ...	N/A	N/A	Jun 19, 2026	THN
HIGH 8.7	CVE-2026-48716	nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write_CVE-2026-48716 nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path u...	HKUDS	nanobot <= 0.1.5.post3	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-47847	CVE-2026-47847_CVE-2026-47847 Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication healt...	Bitnami	bitnami/mariadb-galera 10.6.0	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-47846	CVE-2026-47846_CVE-2026-47846 Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured vi...	Bitnami	bitnami/cassandra 4.0.0	Jun 18, 2026	CVE
MEDIUM 5.4	CVE-2026-43915	Coturn: Stored Cross-Site Scripting (XSS) in web-admin interface via TURN username_CVE-2026-43915 Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerabi...	coturn	coturn < 4.11.0	Jun 18, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input_CVE-2026-56099

Recent Advisories

pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution_CVE-2026-48983

pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race_CVE-2026-48982

pam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c_CVE-2026-48981

pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic_CVE-2026-48980

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites_THN:61A3E81EE060D294ED20FB1D0B47CAB5

nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write_CVE-2026-48716

CVE-2026-47847_CVE-2026-47847

CVE-2026-47846_CVE-2026-47846

Coturn: Stored Cross-Site Scripting (XSS) in web-admin interface via TURN username_CVE-2026-43915

Protect Your Attack Surface with RedGem

Security Intelligence
Feed