Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

220 New today

64,839 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

201

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 7.3

Deno Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)_CVE-2026-49401

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that...

CVE-2026-49401 denoland deno < 2.7.14

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.4	CVE-2026-44726	Deno: TLS retry copies stale upgrade hook, risking plaintext traffic_CVE-2026-44726 Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a T...	denoland	deno >= 2.0.0, < 2.7.8	Jun 23, 2026	CVE
HIGH 7.1	CVE-2025-71382	MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering_CVE-2025-71382 MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a d...	ArtifexSoftware	mupdf	Jun 23, 2026	CVE
HIGH 7.5	CVE-2025-61029	CVE-2025-61029_CVE-2025-61029 An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL st...	n/a	n/a n/a	Jun 23, 2026	CVE
HIGH 7.5	CVE-2025-61024	CVE-2025-61024_CVE-2025-61024 An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted ...	n/a	n/a n/a	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54324	Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join_CVE-2026-54324 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant author...	daytonaio	daytona < 0.185.0	Jun 23, 2026	CVE
MEDIUM 5.9	CVE-2026-54323	Daytona: Git credential leak via git clone with TLS verification disabled_CVE-2026-54323 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clon...	daytonaio	daytona < 0.185.0	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-54318	Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location_CVE-2026-54318 Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager Broa...	home-assistant	core < 2026.5.3	Jun 23, 2026	CVE
HIGH 7.6	CVE-2026-54317	Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN_CVE-2026-54317 Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration regi...	home-assistant	core < 2026.6.0	Jun 23, 2026	CVE
CRITICAL 9	CVE-2026-54157	LobeHub: Unauthenticated SSRF in `/webapi/proxy`_CVE-2026-54157 LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy e...	lobehub	lobehub < 2.1.57	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Deno Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)_CVE-2026-49401

Recent Advisories

Deno: TLS retry copies stale upgrade hook, risking plaintext traffic_CVE-2026-44726

MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering_CVE-2025-71382

CVE-2025-61029_CVE-2025-61029

CVE-2025-61024_CVE-2025-61024

Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join_CVE-2026-54324

Daytona: Git credential leak via git clone with TLS verification disabled_CVE-2026-54323

Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location_CVE-2026-54318

Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN_CVE-2026-54317

LobeHub: Unauthenticated SSRF in `/webapi/proxy`_CVE-2026-54157

Protect Your Attack Surface with RedGem

Security Intelligence
Feed