Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

224 New today

65,462 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

175

Jun 25

Critical

High

Medium

Low

Latest

IMPERVABLOG

API Security Demystified: Which Tools Actually Protect Your APIs (And Where the Gaps Are)_IMPERVABLOG:0E46C9861D1FFFD49FEDC3014985F0E1

## Introduction Quick answer: No single tool secures an API. API security is a layered discipline. Secure-coding analyzers and SCA scanners catch code and dependency flaws; DAST tests running APIs; API gateways and IAM enforce authentication and rate limits; a WAF blocks know...

IMPERVABLOG:0E46C9861D1FFFD49FEDC3014985F0E1

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	THN:BD25B0B3685...	New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis_THN:BD25B0B3685DF00067DD7045F2EFCD97 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbTrOy7FP80AfVcwyuiLtJx1T9YECQ6fxHaelQKUn3MNwSV9P3tiVq4_-pOB-gmU3lF9GpWnc5ebVSAbp0MZ...	N/A	N/A	Jun 25, 2026	THN
NONE	MALWAREBYTES:8D...	Elite network says it was hacked after members’ personal data was left exposed_MALWAREBYTES:8DD20C3A275E37B4123FD763E33A138B Some organizations exist to be exclusive. They're invite-only, and discreet, the kind of place where the membership directory is the product. Dia...	N/A	N/A	Jun 25, 2026	MALWAREBYTES
LOW 2	CVE-2026-56130	Apache Shiro: Remember-me cookie isn’t checked for expiry on the server_CVE-2026-56130 "Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, ...	Apache Software Foundation	Apache Shiro 1.2.4	Jun 25, 2026	CVE
HIGH 8.2	CVE-2026-56091	Apache Shiro: Authentication bypass in Guice-Web integration_CVE-2026-56091 When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. ...	Apache Software Foundation	Apache Shiro	Jun 25, 2026	CVE
MEDIUM 6.4	CVE-2026-54226	Apache Kvrocks: RESTORE IntSet Integer Overflow Leads to Remote DoS_CVE-2026-54226 A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16...	Apache Software Foundation	Apache Kvrocks 2.6.0	Jun 25, 2026	CVE
CRITICAL 10	CVE-2026-46752	Apache Kvrocks: Stack buffer overflow in Lua bit.tohex()_CVE-2026-46752 Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are...	Apache Software Foundation	Apache Kvrocks 2.0.4	Jun 25, 2026	CVE
MEDIUM 5.5	CVE-2026-46751	Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service._CVE-2026-46751 A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16...	Apache Software Foundation	Apache Kvrocks 2.2.0	Jun 25, 2026	CVE
LOW 2.4	CVE-2026-45188	Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling_CVE-2026-45188 Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to u...	Apache Software Foundation	Apache Kvrocks 1.0.0	Jun 25, 2026	CVE
CRITICAL 9.4	CVE-2026-41566	Apache Kvrocks: Improper permission for the APPLYBATCH command_CVE-2026-41566 Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0. Users are ...	Apache Software Foundation	Apache Kvrocks 2.8.0	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

API Security Demystified: Which Tools Actually Protect Your APIs (And Where the Gaps Are)_IMPERVABLOG:0E46C9861D1FFFD49FEDC3014985F0E1

Recent Advisories

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis_THN:BD25B0B3685DF00067DD7045F2EFCD97

Elite network says it was hacked after members’ personal data was left exposed_MALWAREBYTES:8DD20C3A275E37B4123FD763E33A138B

Apache Shiro: Remember-me cookie isn’t checked for expiry on the server_CVE-2026-56130

Apache Shiro: Authentication bypass in Guice-Web integration_CVE-2026-56091

Apache Kvrocks: RESTORE IntSet Integer Overflow Leads to Remote DoS_CVE-2026-54226

Apache Kvrocks: Stack buffer overflow in Lua bit.tohex()_CVE-2026-46752

Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service._CVE-2026-46751

Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling_CVE-2026-45188

Apache Kvrocks: Improper permission for the APPLYBATCH command_CVE-2026-41566

Protect Your Attack Surface with RedGem

Security Intelligence
Feed