Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

234 New today
65,164 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
232
Jun 24
Critical
High
Medium
Low
Latest
CVE CVSS 7.5

Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters_CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforc...

CVE-2026-54297 lostisland faraday >= 1.0.0, < 1.10.6
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-13164

Unauthenticated self-registration in MailerUp allows access to stored email data_CVE-2026-13164

Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp

Mailerup Mailerup CVE
HIGH 7.7 CVE-2026-54699

Warp: OS command injection when opening terminal links from WSL_CVE-2026-54699

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injec...

warpdotdev warp >= 0.2024.03.12.08.02.stable_01, < 0.2026.05.13.09.15.stable_01 CVE
MEDIUM 4.3 CVE-2026-54686

Warp: DCS lifecycle hook spoofing can alter terminal session metadata_CVE-2026-54686

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutat...

warpdotdev warp >= 0.2021.04.25.23.05.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 8.7 CVE-2026-49851

Mistune: Potential DoS via quadratic-time parsing in parse_link_text_CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (a...

lepture mistune < 3.3.0 CVE
MEDIUM 4.3 CVE-2026-48789

AnythingLLM: Windows path containment bypass in document folder route_CVE-2026-48789

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Win...

Mintplex-Labs anything-llm < 1.13.0 CVE
HIGH 8.8 CVE-2026-48732

Warp: Remote SSH cwd can lead to unauthorized remote command execution_CVE-2026-48732

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection...

warpdotdev warp >= 0.2023.03.21.08.02.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 7.8 CVE-2026-48731

Warp: Linux external editor command injection_CVE-2026-48731

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection...

warpdotdev warp >= 0.2024.02.20.08.01.stable_01, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 8.1 CVE-2026-48725

Warp may allow terminal output to access the local clipboard through OSC 52_CVE-2026-48725

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to re...

warpdotdev warp >= 0.2021.04.25.23.05.stable_00, < v0.2026.05.13.09.15.stable_01 CVE
HIGH 8.6 CVE-2026-48721

Warp: Env-var prefixes can lead to denylisted command autoexecution_CVE-2026-48721

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution...

warpdotdev warp >= 0.2025.10.08.08.12.stable_00, < 0.2026.05.13.09.15.stable_01 CVE