Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

284 New today
64,932 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
Jun 24
Critical
High
Medium
Low
Latest
CVE CVSS 6

Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services_CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple (WRR) backendRefs, Traefik ...

CVE-2026-54761 traefik traefik < 3.6.21
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.8 CVE-2026-54555

rtk: Permission-gate bypass in rtk rewrite auto-allow via unsplit shell separators_CVE-2026-54555

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively spli...

rtk-ai rtk < 0.42.2 CVE
HIGH 7.3 CVE-2026-54328

Pi: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts_CVE-2026-54328

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictabl...

earendil-works pi >= 0.74.0, < 0.78.1 CVE
LOW 2.2 CVE-2026-54327

Pi: Race condition in auth.json writes could expose stored credentials_CVE-2026-54327

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the f...

earendil-works pi >= 0.74.0, < 0.78.1 CVE
LOW 2.5 CVE-2026-54326

Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass_CVE-2026-54326

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not cons...

earendil-works pi >= 0.74.0, < 0.78.1 CVE
MEDIUM 4.4 CVE-2026-54325

Pi loads project-local extensions without approval_CVE-2026-54325

Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory withou...

earendil-works pi < 0.79.0 CVE
HIGH 7.8 CVE-2026-53622

Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts_CVE-2026-53622

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration ...

traefik traefik < 3.7.3 CVE
HIGH 7.8 CVE-2026-48491

Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass_CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting pro...

traefik traefik >= 3.7.0, < 3.7.3 CVE
HIGH 7.8 CVE-2026-48020

Traefik StripPrefix Route-Level Auth Bypass via Path Normalization_CVE-2026-48020

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripP...

traefik traefik >= 3.7.0-ea.1, < 3.7.3 CVE
MEDIUM 6.9 CVE-2026-45792

RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM_CVE-2026-45792

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-l...

rtk-ai rtk < 0.32.0 CVE