Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

593 New today
63,365 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

354
Jun 4
517
Jun 5
109
Jun 6
32
Jun 7
255
Jun 8
658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
23
Jun 17
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.5 CVE-2026-49113

WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability_CVE-2026-49113

Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.

THEMECO Cornerstone n/a CVE
CRITICAL 9.3 CVE-2026-49080

WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability_CVE-2026-49080

Unauthenticated SQL Injection in wpDataTables

TMS wpDataTables n/a CVE
HIGH 8.5 CVE-2026-49073

WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability_CVE-2026-49073

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL In...

wpWax Directorist Booking n/a CVE
HIGH 7.5 CVE-2026-49057

WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability_CVE-2026-49057

Unauthenticated Broken Access Control in JobSearch

EyeCix Technologies JobSearch n/a CVE
HIGH 7.1 CVE-2026-48869

WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-48869

Unauthenticated Cross Site Scripting (XSS) in Enfold

Kriesi Enfold n/a CVE
MEDIUM 4.8 CVE-2026-48783

Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription_CVE-2026-48783

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and appli...

gitroomhq postiz-app < 2.21.8 CVE
CRITICAL 9.9 CVE-2026-48781

Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery_CVE-2026-48781

Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob i...

gitroomhq postiz-app < 2.21.8 CVE
HIGH 7.5 CVE-2026-48779

ws: Memory exhaustion DoS from tiny fragments and data chunks_CVE-2026-48779

ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from...

websockets ws >= 1.1.0, < 5.2.5 CVE
CRITICAL 10 CVE-2026-48055

Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction_CVE-2026-48055

Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip v...

truelockmc streambert < 2.5.0 CVE