Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

200 New today

59,483 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

202

May 22

May 23

111

May 24

204

May 25

336

May 26

455

May 27

326

May 28

451

May 29

206

May 30

May 31

417

Jun 1

295

Jun 2

151

Jun 3

199

Jun 4

Critical

High

Medium

Low

Latest

CVE CVSS 6.5

Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass_CVE-2026-11322

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing...

CVE-2026-11322 nesquena Hermes WebUI

Jun 4, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	CVE-2026-10871	Shibby Tomato Web UI rc start_6rd_tunnel os command injection_CVE-2026-10871 A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the com...	Shibby	Tomato 1.28.0000	Jun 4, 2026	CVE
HIGH 7.5	CVE-2026-8888	CVE-2026-8888_CVE-2026-8888 Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressio...	Securly	Securly Chrome Extension	Jun 3, 2026	CVE
HIGH 7.5	CVE-2026-8881	CVE-2026-8881_CVE-2026-8881 Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been b...	Securly	Securly Chrome Extension	Jun 3, 2026	CVE
MEDIUM 6.5	CVE-2026-8722	Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections_CVE-2026-8722 Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes...	TEAM	Net::Async::Statsd::Client	Jun 3, 2026	CVE
CRITICAL 9.8	CVE-2025-67446	CVE-2025-67446_CVE-2025-67446 Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cook...	Neterbit	NW-431F Router 20241014-IR03 and before	Jun 4, 2026	CVE
HIGH 7.4	CVE-2026-50292	CVE-2026-50292_CVE-2026-50292 In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary roo...	freedesktop	libinput	Jun 4, 2026	CVE
MEDIUM 6.8	CVE-2026-48040	netty-incubator-codec-ohttp’s Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access_CVE-2026-48040 The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C li...	netty	netty-incubator-codec-ohttp < 0.0.22.Final	Jun 4, 2026	CVE
MEDIUM 5.4	CVE-2026-42547	IRIS Alerts Can be Falsely Attributed to Customers_CVE-2026-42547 IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, use...	dfir-iris	iris-web < 2.4.28	Jun 4, 2026	CVE
MEDIUM 4.3	CVE-2026-42543	IRIS has a Cross-Site Request Forgery (CSRF) issue_CVE-2026-42543 IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vul...	dfir-iris	iris-web < 2.4.28	Jun 4, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass_CVE-2026-11322

Recent Advisories

Shibby Tomato Web UI rc start_6rd_tunnel os command injection_CVE-2026-10871

CVE-2026-8888_CVE-2026-8888

CVE-2026-8881_CVE-2026-8881

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections_CVE-2026-8722

CVE-2025-67446_CVE-2025-67446

CVE-2026-50292_CVE-2026-50292

netty-incubator-codec-ohttp’s Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access_CVE-2026-48040

IRIS Alerts Can be Falsely Attributed to Customers_CVE-2026-42547

IRIS has a Cross-Site Request Forgery (CSRF) issue_CVE-2026-42543

Protect Your Attack Surface with RedGem

Security Intelligence
Feed