Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

366 New today
67,195 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
53
Jun 27
318
Jun 28
284
Jun 29
427
Jun 30
64
Jul 1
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-56278

Flowise – Session Hijacking via Weak Default Express Session Secret_CVE-2026-56278

Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware whe...

Flowise Flowise CVE
MEDIUM 6.9 CVE-2026-56277

Flowise – Hardcoded CORS Wildcard in TTS Endpoint_CVE-2026-56277

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard (*) on its text-to-speech (TTS) generation endpoint (packages/server/...

Flowise Flowise CVE
CRITICAL 9.2 CVE-2026-56264

Crawl4AI – Arbitrary JavaScript Execution via /execute_js Endpoint_CVE-2026-56264

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which accepts and e...

Crawl4AI Crawl4AI 0.8.7 CVE
HIGH 7.2 CVE-2026-56249

Capgo – Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision_CVE-2026-56249

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite ...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56247

Capgo – Privilege Escalation via Cross-Scope RBAC Role Assignment_CVE-2026-56247

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pend...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56233

Capgo – SSRF and Privilege Escalation via Path Traversal in Builder Upload Proxy_CVE-2026-56233

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56230

Capgo – Broken Object Level Authorization via x-limited-key-id Header_CVE-2026-56230

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey() that accepts the client-controlled x-limited-ke...

Capgo Capgo CVE
MEDIUM 5.1 CVE-2026-56224

Capgo – Login CSRF and Session Fixation via URL Query Parameters_CVE-2026-56224

Capgo console.capgo.app/login before 12.128.2 accepts access_token and refresh_token in URL query parameters, automatically authenticating users wi...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56219

Capgo – Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NULL-auth Bypass_CVE-2026-56219

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.get_org_user_access_rbac function that allows unauthenticated attacke...

Capgo Capgo CVE