Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

324 New today

65,952 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

289

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 5

SSRF via image import from URL allows internal network probing by authenticated users_CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. When im...

CVE-2026-28385 Canonical lxd 6.0

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.9	CVE-2026-13434	Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled_CVE-2026-13434 A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, th...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-11779	PayloadCMS 3.84.1 – Authenticated account lockout bypass through default unlock access_CVE-2026-11779 An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.	PayloadCMS	PayloadCMS 3.84.1	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2025-32423	AutoGPT: There is a DoS vulnerability in ExtractTextInformationBlock_CVE-2025-32423 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there i...	Significant-Gravitas	AutoGPT < 0.6.32	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2025-32394	AutoGPT: There is a DoS vulnerability in AITextSummarizerBlock_CVE-2025-32394 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there i...	Significant-Gravitas	AutoGPT < 0.6.32	Jun 26, 2026	CVE
NONE	B6A66232-7621-	Sql-injection-scanner_B6A66232-7621-5872-A51D-EDDA3F824073 Sql-injection-scanner Developing a security scanning tool that can quickly, reliably, and automatically detect SQL Injection vulnerabilities in web...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
NONE	THN:7A6FC6E72B7...	Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign_THN:7A6FC6E72B7906A66B33E84A6B61E75E ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHsYcZgd4WIkN0k-b4_j7JxBgi0R0dzj0jSwSWVgItyIy88VoZK5z8BAiwjmYnou7YLrNuckCgQvnHXV2KYH...	N/A	N/A	Jun 26, 2026	THN
NONE	H1:3823932	curl: CURLOPT_HAPROXY_CLIENT_IP lacks input validation, enabling HAProxy PROXY protocol injection_H1:3823932 Summary The CURLOPT_HAPROXY_CLIENT_IP option accepts an arbitrary string without validating that it is a valid IP address, and without stripping...	N/A	N/A	Jun 25, 2026	HACKERONE
NONE	H1:3826199	curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0_H1:3826199 ## Summary When an application sets `CURLOPT_SSL_VERIFYPEER=0` while keeping `CURLOPT_SSL_VERIFYHOST=2` (the default), the mbedTLS, wolfSSL, and r...	N/A	N/A	Jun 26, 2026	HACKERONE
MEDIUM 6.1	CVE-2025-60465	CVE-2025-60465_CVE-2025-60465 A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to caus...	n/a	n/a n/a	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

SSRF via image import from URL allows internal network probing by authenticated users_CVE-2026-28385

Recent Advisories

Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled_CVE-2026-13434

PayloadCMS 3.84.1 – Authenticated account lockout bypass through default unlock access_CVE-2026-11779

AutoGPT: There is a DoS vulnerability in ExtractTextInformationBlock_CVE-2025-32423

AutoGPT: There is a DoS vulnerability in AITextSummarizerBlock_CVE-2025-32394

Sql-injection-scanner_B6A66232-7621-5872-A51D-EDDA3F824073

Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign_THN:7A6FC6E72B7906A66B33E84A6B61E75E

curl: CURLOPT_HAPROXY_CLIENT_IP lacks input validation, enabling HAProxy PROXY protocol injection_H1:3823932

curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0_H1:3826199

CVE-2025-60465_CVE-2025-60465

Protect Your Attack Surface with RedGem

Security Intelligence
Feed