Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

54 New today
64,228 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

255
Jun 8
658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
11
Jun 21
Critical
High
Medium
Low
Latest
CVE CVSS 7.6

conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository_CVE-2026-46699

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositorie...

CVE-2026-46699 conda-forge conda-smithy < 3.61.0
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.3 CVE-2026-45696

OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)_CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 t...

AcademySoftwareFoundation openexr >= 3.4.0, < 3.4.11 CVE
LOW 2.3 CVE-2026-8668

Hardcoded credentials in embedded content_CVE-2026-8668

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues.  Queue messages contained ten...

Progress Chef Chef360 CVE
HIGH 8.6 CVE-2026-8100

CVE-2026-8100_CVE-2026-8100

Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions....

Progress Chef Chef360 CVE
CRITICAL 9.8 CVE-2026-54130

M365 Copilot Information Disclosure Vulnerability_CVE-2026-54130

{“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:39.358Z”,&#82...

Microsoft Microsoft 365 Copilot - CVE
HIGH 7.7 CVE-2026-54017

Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal_CVE-2026-54017

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse prox...

open-webui open-webui < 0.9.6 CVE
MEDIUM 6.5 CVE-2026-49205

phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)_CVE-2026-49205

phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 a...

thorsten phpMyFAQ < 4.1.4 CVE
CRITICAL 9.9 CVE-2026-47647

Dynamics 365 Elevation of Privilege Vulnerability_CVE-2026-47647

{“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:40.084Z”,&#82...

Microsoft Microsoft Dynamics 365 - CVE
HIGH 7.5 CVE-2026-47633

Microsoft Cost Management Information Disclosure Vulnerability_CVE-2026-47633

{“lastseen”:””,”description”:””,”published”:”2026-06-18T21:37:36.850Z”,&#82...

Microsoft Microsoft Cost Management - CVE
HIGH 7.7 CVE-2026-32174

Azure Bot Service Elevation of Privilege Vulnerability_CVE-2026-32174

{“lastseen”:””,”description”:””,”published”:”2026-06-18T21:39:17.817Z”,&#82...

Microsoft Azure AI Bot Service - CVE