Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

155 New today
65,735 Total advisories

Daily Security Trends (Last 14 Days)

[Chart: daily counts, Jun 13 to Jun 26; legend: Critical, High, Medium, Low]

Recent Advisories

| Severity | ID | Title | Summary | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| MEDIUM 4.3 | CVE-2026-56269 | Flowise – Weak Default Token Hash Secret in JWT Token Encryption | Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded default value 'Secre$t' for the TOKEN_HASH_SECRET env... | Flowise | Flowise | | CVE |
| MEDIUM 6.9 | CVE-2026-56262 | Crawl4AI – Unauthenticated Access to Monitor Endpoints via Docker API Server | Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to acce... | Crawl4AI | Crawl4AI | | CVE |
| HIGH 7.1 | CVE-2026-56257 | Capgo – Authorization Bypass in App Ownership Transfer via Direct PostgREST Update | Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing the transfer_app() workflow and creating split-b... | Capgo | Capgo | | CVE |
| HIGH 7.1 | CVE-2026-56256 | Capgo – Two-Factor Authentication Bypass via Organization Management API | Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization (ORG) management API endpoints (e.g... | Capgo | Capgo | | CVE |
| HIGH 8.8 | CVE-2026-56245 | Supabase Capgo – Unauthenticated Cross-Tenant Build-Time Accounting Poisoning via record_build_time RPC | Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record_build_time RPC function that allows un... | Cap-go | capgo | | CVE |
| NONE | MSSECURE:60CA4794B9C1C6FE86B9F6D8449FB809 | StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them | In this article 1. The role of infostealers: From credential theft to intrusion 2. StealC: Infostealer for rent 3. Amadey: Malware-as-a-serv... | N/A | N/A | | MSSECURE |
| NONE | THN:E2EC3832AE69343D3B75867DA0A4F136 | Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks | | N/A | N/A | | THN |
| HIGH 7.1 | CVE-2026-56244 | Capgo – Webhook Signing Secret Disclosure via Non-Admin API Key | Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies o... | Capgo | Capgo | | CVE |
| CRITICAL 9.3 | CVE-2026-56237 | Capgo – Unauthenticated API Key Generation via Client-Side Parameter Manipulation | Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests... | Capgo | Capgo | | CVE |