Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

264 New today

64,890 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

252

Jun 23

Critical

High

Medium

Low

Latest

QUALYSBLOG

3 Paths to Upgrade Windows 11 before 24H2 End of Servicing (EOL)_QUALYSBLOG:FDC705F50F73787D6AF114F35B4AE2FD

* * * #### Key Takeaways * Windows 11 24H2 reaches the end of servicing on October 13, 2026, making timely enterprise upgrades critical. * Enterprises often face version drift, with multiple Windows 11 builds across endpoints requiring different upgrade paths. * Upgrad...

QUALYSBLOG:FDC705F50F73787D6AF114F35B4AE2FD

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-8379	Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download_CVE-2026-8379 The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing una...	Unknown	Frontend File Manager Plugin	Jun 23, 2026	CVE
CRITICAL 9.1	CVE-2026-9733	Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter_CVE-2026-9733 Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specifi...	HAYAJO	Mojolicious::Plugin::Web::Auth::OAuth2 0.17	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-12969	Dnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation_CVE-2026-12969 An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is ca...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
MEDIUM 5.1	CVE-2026-11772	Reflected XSS in DRIMO CMS_CVE-2026-11772 DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in a...	DRIMO	DRIMO CMS	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-10609	Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization_CVE-2026-10609 A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output...	Red Hat	Logging Subsystem for Red Hat OpenShift	Jun 23, 2026	CVE
HIGH 7.4	CVE-2026-56815	CVE-2026-56815_CVE-2026-56815 pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor.	rasta-mouse	pwnlift	Jun 23, 2026	CVE
CRITICAL 9.2	CVE-2026-35019	NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass_CVE-2026-35019 NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers t...	NetComm Wireless Pty Ltd	NF20MESH	Jun 23, 2026	CVE
HIGH 8.7	CVE-2026-35018	NetComm NF20MESH < R6B032 Authenticated RCE via OS Command Injection_CVE-2026-35018 NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated...	NetComm Wireless Pty Ltd	NF20MESH R6B031 and earlier	Jun 23, 2026	CVE
CRITICAL 9.4	CVE-2026-28496	FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE_CVE-2026-28496 FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulne...	FOSSBilling	FOSSBilling < 0.8.0	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

3 Paths to Upgrade Windows 11 before 24H2 End of Servicing (EOL)_QUALYSBLOG:FDC705F50F73787D6AF114F35B4AE2FD

Recent Advisories

Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download_CVE-2026-8379

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter_CVE-2026-9733

Dnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation_CVE-2026-12969

Reflected XSS in DRIMO CMS_CVE-2026-11772

Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization_CVE-2026-10609

CVE-2026-56815_CVE-2026-56815

NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass_CVE-2026-35019

NetComm NF20MESH < R6B032 Authenticated RCE via OS Command Injection_CVE-2026-35018

FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE_CVE-2026-28496

Protect Your Attack Surface with RedGem

Security Intelligence
Feed