Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

34 New today
62,201 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

417
Jun 1
295
Jun 2
151
Jun 3
354
Jun 4
517
Jun 5
109
Jun 6
32
Jun 7
255
Jun 8
658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
Jun 14
Critical
High
Medium
Low
Latest
CVE CVSS 6.1

Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap_CVE-2026-41568

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or di...

CVE-2026-41568 moby moby github.com/docker/docker/daemon <= 28.5.2
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.2 CVE-2026-28742

Naxclow IoT Platform Use of hard-coded cryptographic key_CVE-2026-28742

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is ...

Naxclow Smart Doorbell X3 All CVE
HIGH 8.7 CVE-2026-12143

form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)_CVE-2026-12143

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and ...

form-data form-data CVE
HIGH 8.8 CVE-2026-12043

Heap double-free in AWS Common Runtime aws-c-http_CVE-2026-12043

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a se...

AWS aws-c-http 0.4.22 CVE
MEDIUM 5.1 CVE-2026-10715

Camaleon CMS 2.9.2 – Improper authorization in draft autosave endpoint_CVE-2026-10715

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated us...

Camaleon CMS Camaleon CMS 2.9.2 CVE
MEDIUM 5.1 CVE-2026-54357

MISP improper authorization allows organization administrators to modify site administrator user settings_CVE-2026-54357

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to ...

misp misp CVE
MEDIUM 6.3 CVE-2026-50552

Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail_CVE-2026-50552

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery (SSRF) vulnerability in t...

koel koel < 9.7.1 CVE
HIGH 8.7 CVE-2026-50287

Missing Authentication for Critical Function in @agenticmail/mcp_CVE-2026-50287

AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport w...

agenticmail agenticmail < 0.9.27 CVE
HIGH 7.7 CVE-2026-47260

Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs_CVE-2026-47260

Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolut...

koel koel < 9.3.5 CVE
MEDIUM 5.3 CVE-2026-43872

actual-server has a path traversal vulnerability_CVE-2026-43872

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. V...

actualbudget actual < 26.5.0 CVE