Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

358 New today

66,066 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

Critical

High

Medium

Low

Latest

CVE CVSS 8.1

extract-zip unvalidated symlink path traversal_CVE-2026-56876

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the e...

CVE-2026-56876 max-mapper extract-zip

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.3	CVE-2026-55448	mise: Local credential_command executes untrusted config_CVE-2026-55448 mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local proj...	jdx	mise < 2026.6.4	Jun 26, 2026	CVE
HIGH 8.6	CVE-2026-55441	mise: Arbitrary command execution via task-include files in an untrusted, config-less repository_CVE-2026-55441 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versio...	jdx	mise < 2026.6.4	Jun 26, 2026	CVE
MEDIUM 5.5	CVE-2026-54557	mise HTTP backend uses raw version path for install symlink destination_CVE-2026-54557 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination fro...	jdx	mise < 2026.6.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-54341	Dragonfly: RESTORE operations may crash the server_CVE-2026-54341 Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds r...	dragonflydb	dragonfly < 1.39.0	Jun 26, 2026	CVE
LOW 2.3	CVE-2026-47206	Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer_CVE-2026-47206 Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis...	dragonflydb	dragonfly < 1.38.9	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2026-33646	mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)_CVE-2026-33646 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template e...	jdx	mise < 2026.3.10	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-48743	Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length_CVE-2026-48743 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can tran...	envoyproxy	envoy >= 1.38.0, < 1.38.1	Jun 26, 2026	CVE
MEDIUM 5.9	CVE-2026-48706	Envoy Heap Buffer Overflow in TcpStatsdSink_CVE-2026-48706 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vul...	envoyproxy	envoy >= 1.38.0, < 1.38.3	Jun 26, 2026	CVE
MEDIUM 5.9	CVE-2026-48497	Envoy: Abnormal process termination in DNS UDP filter_CVE-2026-48497 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where...	envoyproxy	envoy >= 1.38.0, < 1.38.1	Jun 26, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

extract-zip unvalidated symlink path traversal_CVE-2026-56876

Recent Advisories

mise: Local credential_command executes untrusted config_CVE-2026-55448

mise: Arbitrary command execution via task-include files in an untrusted, config-less repository_CVE-2026-55441

mise HTTP backend uses raw version path for install symlink destination_CVE-2026-54557

Dragonfly: RESTORE operations may crash the server_CVE-2026-54341

Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer_CVE-2026-47206

mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)_CVE-2026-33646

Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length_CVE-2026-48743

Envoy Heap Buffer Overflow in TcpStatsdSink_CVE-2026-48706

Envoy: Abnormal process termination in DNS UDP filter_CVE-2026-48497

Protect Your Attack Surface with RedGem

Security Intelligence
Feed