Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

287 New today
64,930 Total advisories

[Chart: Daily Security Trends (Last 14 Days); x-axis Jun 11 to Jun 24; legend: Critical, High, Medium, Low]

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-41862

CVE-2026-41862

Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enfo...

Spring Spring Statemachine 4.0.0 CVE
MEDIUM 6.5 CVE-2026-54518

jackson-databind: @JsonView bypass for unwrapped creator parameters in jackson-databind

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3....

FasterXML jackson-databind >= 2.21.0, < 2.21.4 CVE
HIGH 8.4 CVE-2026-56785

FlatPress – Stored Cross-Site Scripting via Unescaped Comment and Contact Form Fields

FlatPress versions prior to commit 10be83c contain a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and ...

FlatPress FlatPress CVE
CRITICAL 9.6 CVE-2026-54588

Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction.

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` re...

poweradmin poweradmin < 4.2.4 CVE
MEDIUM 5.5 CVE-2026-48493

Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their...

grokability snipe-it < 8.6.0 CVE
MEDIUM 6.9 CVE-2026-47693

Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula I...

poweradmin poweradmin < 4.2.4 CVE
MEDIUM 4.9 CVE-2026-12164

Privilege Escalation in Fortra File Integrity Monitoring (FIM)

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permission...

Fortra File Integrity Monitoring (FIM) CVE
MEDIUM 5.5 CVE-2026-12163

Stored XSS in Fortra File Integrity Monitoring (FIM)

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnera...

Fortra Fortra File Integrity Monitoring (FIM) CVE
HIGH 8.2 CVE-2026-11972

tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, meaning an archi...

Python Software Foundation CPython CVE