Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

207 New today

59,483 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

202

May 22

May 23

111

May 24

204

May 25

336

May 26

455

May 27

326

May 28

451

May 29

206

May 30

May 31

417

Jun 1

295

Jun 2

151

Jun 3

199

Jun 4

Critical

High

Medium

Low

Latest

CVE CVSS 3.1

Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs_CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as `Authorization:...

CVE-2026-45739 strawberry-graphql strawberry >= 0.288.4, < 0.315.4

Jun 4, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.9	CVE-2026-41065	Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory_CVE-2026-41065 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via...	Tautulli	Tautulli < 2.17.1	Jun 4, 2026	CVE
HIGH 7.5	CVE-2026-28318	SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability_CVE-2026-28318 SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: de...	SolarWinds	Serv-U 15.5.4 and previous versions	Jun 4, 2026	CVE
MEDIUM 5.3	CVE-2026-10864	MISP Dashboard widget field selection may expose restricted user and organisation data_CVE-2026-10864 A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returne...	misp	misp	Jun 4, 2026	CVE
MEDIUM 6.4	CVE-2026-10863	MISP User-controlled order parameter in correlations over-correlation endpoint_CVE-2026-10863 A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named re...	misp	misp	Jun 4, 2026	CVE
HIGH 7.9	CVE-2026-10860	MISP CRUDComponent delete validation bypass via operator precedence error_CVE-2026-10860 A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due t...	misp	misp	Jun 4, 2026	CVE
LOW 2	CVE-2026-10812	zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash_CVE-2026-10812 A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/p...	zilliztech	GPTCache 0.1.0	Jun 4, 2026	CVE
MEDIUM 5.3	CVE-2026-10811	itsourcecode Fees Management System receipt.php sql injection_CVE-2026-10811 A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality o...	itsourcecode	Fees Management System 1.0	Jun 4, 2026	CVE
NONE	TALOSBLOG:0CBDD...	Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting_TALOSBLOG:0CBDDA6FE6AA56CFD91490686CFCB8FF ![Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting](https://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f19...	N/A	N/A	Jun 4, 2026	TALOSBLOG
NONE	HACKREAD:8A6DF3...	Lazarus Group Uses npm Brandjacking Campaign to Target Developers_HACKREAD:8A6DF38DFF0EFF16B4CCF1D5AB4EB07B North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk.	N/A	N/A	Jun 4, 2026	HACKREAD

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs_CVE-2026-45739

Recent Advisories

Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory_CVE-2026-41065

SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability_CVE-2026-28318

MISP Dashboard widget field selection may expose restricted user and organisation data_CVE-2026-10864

MISP User-controlled order parameter in correlations over-correlation endpoint_CVE-2026-10863

MISP CRUDComponent delete validation bypass via operator precedence error_CVE-2026-10860

zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash_CVE-2026-10812

itsourcecode Fees Management System receipt.php sql injection_CVE-2026-10811

Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting_TALOSBLOG:0CBDDA6FE6AA56CFD91490686CFCB8FF

Lazarus Group Uses npm Brandjacking Campaign to Target Developers_HACKREAD:8A6DF38DFF0EFF16B4CCF1D5AB4EB07B

Protect Your Attack Surface with RedGem

Security Intelligence
Feed