Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

217 New today

62,171 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

May 31

417

Jun 1

295

Jun 2

151

Jun 3

354

Jun 4

517

Jun 5

109

Jun 6

Jun 7

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Critical

High

Medium

Low

Latest

CVE CVSS 8.7

Naxclow IoT Platform Missing Authorization_CVE-2026-50108

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary de...

CVE-2026-50108 Naxclow Smart Doorbell X3 All

Jun 12, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.2	CVE-2026-50101	Naxclow IoT Platform Not using password aging_CVE-2026-50101 Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credent...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-50099	Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory_CVE-2026-50099 During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART conso...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-50008	Parse Server: Server option routeAllowList is bypassable through batch sub-requests_CVE-2026-50008 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-...	parse-community	parse-server >= 9.8.0, < 9.9.1-alpha.3	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-47248	Parse Server: GraphQL “Did you mean” validation suggestions disclose schema to unauthenticated callers_CVE-2026-47248 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2,...	parse-community	parse-server < 8.6.78	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-47236	Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission_CVE-2026-47236 Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions...	solidtime-io	solidtime < 0.12.2	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-47138	Parse Server: Pre-authentication denial of service via client version header regex backtracking_CVE-2026-47138 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1,...	parse-community	parse-server < 8.6.77	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-42947	Naxclow IoT Platform Authorization bypass through User-Controlled key_CVE-2026-42947 A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an ar...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-42932	Naxclow IoT Platform Generation of Predictable Numbers or Identifiers_CVE-2026-42932 Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identif...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
HIGH 7.2	CVE-2026-42306	Moby: Race condition in docker cp allows bind mount redirection to host path_CVE-2026-42306 Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prio...	moby	moby github.com/docker/docker/daemon <= 28.5.2	Jun 12, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Naxclow IoT Platform Missing Authorization_CVE-2026-50108

Recent Advisories

Naxclow IoT Platform Not using password aging_CVE-2026-50101

Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory_CVE-2026-50099

Parse Server: Server option routeAllowList is bypassable through batch sub-requests_CVE-2026-50008

Parse Server: GraphQL “Did you mean” validation suggestions disclose schema to unauthenticated callers_CVE-2026-47248

Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission_CVE-2026-47236

Parse Server: Pre-authentication denial of service via client version header regex backtracking_CVE-2026-47138

Naxclow IoT Platform Authorization bypass through User-Controlled key_CVE-2026-42947

Naxclow IoT Platform Generation of Predictable Numbers or Identifiers_CVE-2026-42932

Moby: Race condition in docker cp allows bind mount redirection to host path_CVE-2026-42306

Protect Your Attack Surface with RedGem

Security Intelligence
Feed