Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

46 New today
62,244 Total advisories

Daily Security Trends (Last 14 Days)

Daily totals: Jun 1: 417; Jun 2: 295; Jun 3: 151; Jun 4: 354; Jun 5: 517; Jun 6: 109; Jun 7: 32; Jun 8: 255; Jun 9: 658; Jun 10: 351; Jun 11: 245; Jun 12: 336; Jun 13: 60; Jun 14: 43
Severity legend: Critical, High, Medium, Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.1 CVE-2026-54393

MISP Overmind theme stored XSS via unvalidated homepage setting

A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-cont...

misp misp CVE
MEDIUM 5.3 CVE-2026-54362

MISP template builder exposes non-visible custom galaxies across organisations

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not ha...

misp misp CVE
HIGH 7.3 CVE-2026-54057

Kitty vulnerable to command injection via unsanitized OSC 21 query reply

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled ...

kovidgoyal kitty < 0.47.3 CVE
HIGH 7.6 CVE-2026-54056

Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to over...

kovidgoyal kitty >= 0.47.0, < 0.47.2 CVE
LOW 3.7 CVE-2026-53607

@apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: true` is enabled on `@...

apostrophecms apostrophe <= 4.30.0 CVE
MEDIUM 5.4 CVE-2026-53606

sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of...

apostrophecms sanitize-html < 2.17.5 CVE
HIGH 7.5 CVE-2026-4870

Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.

IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recu...

IBM Qiskit SDK 0.43.0 CVE
MEDIUM 5.3 CVE-2026-47264

Discourse: Don’t leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 4.3 CVE-2026-47263

Discourse: Prevent webhook payload disclosure on event redelivery

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE