Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

327 New today
65,672 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
9
Jun 26
Critical
High
Medium
Low
Latest
CVE CVSS 7.7

Warp: OS command injection when opening terminal links from WSL_CVE-2026-54699

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls...

CVE-2026-54699 warpdotdev warp >= 0.2024.03.12.08.02.stable_01, < 0.2026.05.13.09.15.stable_01
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-54686

Warp: DCS lifecycle hook spoofing can alter terminal session metadata_CVE-2026-54686

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutat...

warpdotdev warp >= 0.2021.04.25.23.05.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 8.7 CVE-2026-49851

Mistune: Potential DoS via quadratic-time parsing in parse_link_text_CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (a...

lepture mistune < 3.3.0 CVE
MEDIUM 4.3 CVE-2026-48789

AnythingLLM: Windows path containment bypass in document folder route_CVE-2026-48789

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Win...

Mintplex-Labs anything-llm < 1.13.0 CVE
HIGH 8.8 CVE-2026-48732

Warp: Remote SSH cwd can lead to unauthorized remote command execution_CVE-2026-48732

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection...

warpdotdev warp >= 0.2023.03.21.08.02.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 7.8 CVE-2026-48731

Warp: Linux external editor command injection_CVE-2026-48731

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection...

warpdotdev warp >= 0.2024.02.20.08.01.stable_01, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 8.1 CVE-2026-48725

Warp may allow terminal output to access the local clipboard through OSC 52_CVE-2026-48725

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to re...

warpdotdev warp >= 0.2021.04.25.23.05.stable_00, < v0.2026.05.13.09.15.stable_01 CVE
HIGH 8.6 CVE-2026-48721

Warp: Env-var prefixes can lead to denylisted command autoexecution_CVE-2026-48721

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution...

warpdotdev warp >= 0.2025.10.08.08.12.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 8.8 CVE-2026-48720

Warp: SSH remote output can lead to local file overwrite and persistence_CVE-2026-48720

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337...

warpdotdev warp >= 0.2025.03.05.08.02.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 8 CVE-2026-48719

Warp branch selector command injection via Git branch names_CVE-2026-48719

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection...

warpdotdev warp >= 0.2025.08.06.08.12.stable_00, < 0.2026.05.13.09.15.stable_01 CVE