Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

316 New today

62,159 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

May 31

417

Jun 1

295

Jun 2

151

Jun 3

354

Jun 4

517

Jun 5

109

Jun 6

Jun 7

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Critical

High

Medium

Low

Latest

CVE CVSS 5.1

Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory_CVE-2026-50099

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell...

CVE-2026-50099 Naxclow Smart Doorbell X3 All

Jun 12, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-50008	Parse Server: Server option routeAllowList is bypassable through batch sub-requests_CVE-2026-50008 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-...	parse-community	parse-server >= 9.8.0, < 9.9.1-alpha.3	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-47248	Parse Server: GraphQL “Did you mean” validation suggestions disclose schema to unauthenticated callers_CVE-2026-47248 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2,...	parse-community	parse-server < 8.6.78	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-47236	Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission_CVE-2026-47236 Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions...	solidtime-io	solidtime < 0.12.2	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-47138	Parse Server: Pre-authentication denial of service via client version header regex backtracking_CVE-2026-47138 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1,...	parse-community	parse-server < 8.6.77	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-42947	Naxclow IoT Platform Authorization bypass through User-Controlled key_CVE-2026-42947 A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an ar...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-42932	Naxclow IoT Platform Generation of Predictable Numbers or Identifiers_CVE-2026-42932 Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identif...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
HIGH 7.2	CVE-2026-42306	Moby: Race condition in docker cp allows bind mount redirection to host path_CVE-2026-42306 Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prio...	moby	moby github.com/docker/docker/daemon <= 28.5.2	Jun 12, 2026	CVE
MEDIUM 6.1	CVE-2026-41568	Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap_CVE-2026-41568 Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prio...	moby	moby github.com/docker/docker/daemon <= 28.5.2	Jun 12, 2026	CVE
CRITICAL 9.2	CVE-2026-28742	Naxclow IoT Platform Use of hard-coded cryptographic key_CVE-2026-28742 Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is ...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory_CVE-2026-50099

Recent Advisories

Parse Server: Server option routeAllowList is bypassable through batch sub-requests_CVE-2026-50008

Parse Server: GraphQL “Did you mean” validation suggestions disclose schema to unauthenticated callers_CVE-2026-47248

Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission_CVE-2026-47236

Parse Server: Pre-authentication denial of service via client version header regex backtracking_CVE-2026-47138

Naxclow IoT Platform Authorization bypass through User-Controlled key_CVE-2026-42947

Naxclow IoT Platform Generation of Predictable Numbers or Identifiers_CVE-2026-42932

Moby: Race condition in docker cp allows bind mount redirection to host path_CVE-2026-42306

Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap_CVE-2026-41568

Naxclow IoT Platform Use of hard-coded cryptographic key_CVE-2026-28742

Protect Your Attack Surface with RedGem

Security Intelligence
Feed