Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

97 New today
64,392 Total advisories

[Chart: Daily Security Trends (Last 14 Days), Jun 9 to Jun 22; severity legend: Critical, High, Medium, Low]

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-7859

Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated...

Unknown Motors CVE
HIGH 7.1 CVE-2026-6858

Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform St...

Unknown Transbank Webpay CVE
HIGH 7.1 CVE-2026-4259

Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_manage_auctions

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page,...

Unknown ultimate-woocommerce-auction-pro CVE
MEDIUM 5.1 CVE-2026-12863

Open redirect

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.

pretix Venueless 0.0.0 CVE
CRITICAL 9.4 CVE-2026-56422

MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope fore...

misp misp CVE
MEDIUM 4.3 CVE-2026-9162

Global session revocation does not invalidate active WebSocket connections

Mattermost versions 11.7.x

Mattermost Mattermost 11.7.0 CVE
HIGH 7.3 CVE-2026-9029

Stored XSS via Geomap Panel Template Variable Attribution Injection

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent() runs on the raw template string before g...

Grafana Grafana OSS 12.4.0 CVE
LOW 3.8 CVE-2026-8074

Improper Permission Check Allows User Manager to Deactivate Bot Accounts

Mattermost versions 11.7.x

Mattermost Mattermost 11.7.0 CVE
MEDIUM 6.9 CVE-2026-7167

Multiple vulnerabilities in the Assassin game by Gaudire

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fak...

Gaudire Assassin game last version CVE