Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

308 New today
65,585 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
298
Jun 25
Critical
High
Medium
Low
Latest
CVE CVSS 6.5

Joomla Extension – getk2.com – Authenticated user property mass-assignment in K2 extension for Joomla < 2.26_CVE-2026-48943

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, can write arbitrary values into the `notes`, `image`, and `plugins` columns of...

CVE-2026-48943 getk2.com K2 extension for Joomla 1.0-2.26
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-48941

Joomla Extension – getk2.com – Unauthenticated folder delete in K2 extension for Joomla < 2.26_CVE-2026-48941

The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()`...

getk2.com K2 extension for Joomla 1.0-2.26 CVE
LOW 3.4 CVE-2026-48940

Joomla Extension – getk2.com – Stored-XSS in K2 extension for Joomla < 2.26_CVE-2026-48940

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `` tag; K2 s...

getk2.com K2 extension for Joomla 1.0-2.26 CVE
HIGH 7.5 CVE-2026-12844

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function_CVE-2026-12844

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by...

DROLSKY List::SomeUtils::XS CVE
HIGH 7.8 CVE-2026-54917

SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access_CVE-2026-54917

SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceb...

seaweedfs seaweedfs < 4.30 CVE
CRITICAL 9.3 CVE-2026-50549

Cursor Desktop sandbox escape via symlink and failed path canonicalization_CVE-2026-50549

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, t...

cursor cursor < 3.0 CVE
CRITICAL 9.3 CVE-2026-50548

Cursor Desktop sandbox escape via agent-controlled working directory_CVE-2026-50548

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox g...

cursor cursor < 3.0 CVE
HIGH 7.1 CVE-2026-4930

DPA Countermeasures weakening on Series 3 devices_CVE-2026-4930

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryp...

silabs.com Simplicity SDK CVE
MEDIUM 5.3 CVE-2026-28898

CVE-2026-28898_CVE-2026-28898

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTT...

Apple swift-nio-http2 CVE
LOW 2.3 CVE-2026-57522

Bitwarden Server < 2026.5.0 JSON Injection via Webhook Templates_CVE-2026-57522

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), which substitutes user-co...

bitwarden server CVE