Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

131 New today

59,336 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

202

May 22

May 23

111

May 24

204

May 25

336

May 26

455

May 27

326

May 28

451

May 29

206

May 30

May 31

417

Jun 1

295

Jun 2

151

Jun 3

Jun 4

Critical

High

Medium

Low

Latest

CVE CVSS 9.3

Exposed Hard-coded M3WebServer Backend API Key_CVE-2026-49191

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages.

CVE-2026-49191 Acer Connect M6E 5G Portable WiFi Router *

Jun 4, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.4	CVE-2026-49190	Missing Per-Instruction Authorization Checks_CVE-2026-49190 The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application instal...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
NONE	THN:1914490991B...	DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets_THN:1914490991B466716EED3AB4A2342670 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTf5wAHnoXtVauiln2MwlVvLc4LxcL8SBTLuW648LfFhUd8QyuOUfjmg0Hd91QlksmWF2u-PQhxHDTDmseMI...	N/A	N/A	Jun 4, 2026	THN
CRITICAL 9.8	021063E9-0EFC-	Exploit for SQL Injection in Wpdeveloper Notificationx_021063E9-0EFC-5BB3-A717-3C9223961E61 CVE-2024-1698 – NotificationX WordPress Plugin SQL Injection Time‑Based Blind Unauthenticated Time‑Based Blind SQL Injection → Extract admin userna...	N/A	N/A	Jun 4, 2026	GITHUBEXPLOIT
NONE	74A7BA4E-D496-	Exploit for CVE-2026-49975_74A7BA4E-D496-587B-A72A-FA0BE663F994 CVE-2026-49975 — HTTP/2 Bomb PoC Proof-of-concept exploit for CVE-2026-49975, a remote denial-of-service vulnerability in HTTP/2 server implementat...	N/A	N/A	Jun 4, 2026	GITHUBEXPLOIT
MEDIUM 5.8	CVE-2026-46447	CVE-2026-46447_CVE-2026-46447 OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.	OpenStack	Ironic 17.0.0	Jun 3, 2026	CVE
HIGH 8.6	CVE-2026-49186	Lack of MQTT Broker Topic Access Control Lists_CVE-2026-49186 The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
CRITICAL 10	CVE-2026-49185	Instruction Injection via FieldX MDM_CVE-2026-49185 The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
MEDIUM 5.9	CVE-2026-48681	CVE-2026-48681_CVE-2026-48681 OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.	OpenStack	Ironic 17.0.0	Jun 4, 2026	CVE
MEDIUM 4.9	CVE-2026-44917	CVE-2026-44917_CVE-2026-44917 OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_temp...	OpenStack	Ironic 17.0.0	Jun 4, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Exposed Hard-coded M3WebServer Backend API Key_CVE-2026-49191

Recent Advisories

Missing Per-Instruction Authorization Checks_CVE-2026-49190

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets_THN:1914490991B466716EED3AB4A2342670

Exploit for SQL Injection in Wpdeveloper Notificationx_021063E9-0EFC-5BB3-A717-3C9223961E61

Exploit for CVE-2026-49975_74A7BA4E-D496-587B-A72A-FA0BE663F994

CVE-2026-46447_CVE-2026-46447

Lack of MQTT Broker Topic Access Control Lists_CVE-2026-49186

Instruction Injection via FieldX MDM_CVE-2026-49185

CVE-2026-48681_CVE-2026-48681

CVE-2026-44917_CVE-2026-44917

Protect Your Attack Surface with RedGem

Security Intelligence
Feed