Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

346 New today
65,663 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
Jun 26
Critical
High
Medium
Low
Latest
CVE CVSS 8.4

OpenColorIO vulnerable to stack buffer overflow via unbounded `sscanf %s` in Spi3D (.spi3d) LUT parser_CVE-2026-42450

OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT data lines. Input comes from `lineBuffer[4096]`, so a crafted .spi3d file can ove...

CVE-2026-42450 AcademySoftwareFoundation OpenColorIO < 2.5.2
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-35025

ProFTPD ACL Bypass via /proc/self/root Path Prefix in RNFR_CVE-2026-35025

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory AC...

ProFTPD Project ProFTPD 1.3.9b, 1.3.10rc2 CVE
CRITICAL 10 CVE-2026-12537

Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows_CVE-2026-12537

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub A...

Google Cloud Gemini CLI CVE
CRITICAL 10 SECURELIST:25DF...

StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader_SECURELIST:25DF27E139AF4557190EDA740DEAB957

![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2026/06/24085803/SL-StrikeShark-featured-990x400.jpg) ## Introduction Durin...

N/A N/A SECURELIST
NONE MALWAREBYTES:0F...

“Total access to all your devices.” Sextortion scammers strike again_MALWAREBYTES:0FD9C7128A95FF6374187563C0B72426

At the moment, we’re seeing all kinds of sextortion emails. The scam is cheap to run, easy to automate, and apparently profitable enough that cyber...

N/A N/A MALWAREBYTES
NONE SCHNEIER:7A1236...

Embedding Forbidden Text in Spyware to Discourage AI Analysis_SCHNEIER:7A1236483F174AEC1AD949F80DF69235

At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. D...

N/A N/A SCHNEIER
NONE THN:E39759F4A03...

Dawn of the Apex Agentic Adversary_THN:E39759F4A03F44F39AA790935B0FBE4A

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuQ2GvCcnjBgMTXoXBXqazE9MU3nbNgeccOlWELBQOL9WcHHH4uXS1BKCrrmv6iWWAn6vu1LZJzpHl1MGetv...

N/A N/A THN
MEDIUM 5.5 CVE-2026-11968

Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) in TortoiseGit_CVE-2026-11968

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit

TortoiseGit team TortoiseGit 1.8.10.0 CVE
MEDIUM 6.9 CVE-2026-13150

SSRF in Pentestify PDF generation endpoint via Host header_CVE-2026-13150

Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 ...

Pentestify Pentestify CVE
HIGH 7.8 4BA3261D-2DE6-

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel_4BA3261D-2DE6-5D66-AE25-4FA760E8F87D

rootpacket CVE-2026-31431 A Linux Docker-to-host cryptojacking toolkit captured from live attacks on Kinryū Labs honeypots. It breaks in through an...

N/A N/A GITHUBEXPLOIT