Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

227 New today

64,835 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

197

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 4.3

Deno: Denial of service via non-ASCII bytes in WebSocket response headers_CVE-2026-55517

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens a client WebSocket connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the Sec-WebSocket-Protocol and Sec-WebSocket-E...

CVE-2026-55517 denoland deno < 2.7.5

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-54316	Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch_CVE-2026-54316 Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the ...	anthropics	claude-code >= 0.2.54, < 2.1.163	Jun 23, 2026	CVE
CRITICAL 9.3	CVE-2026-54257	Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow_CVE-2026-54257 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs i...	electron	electron >= 42.3.1, < 42.3.3	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54022	Open WebUI: Any authenticated user can read other users’ private notes via Socket.IO_CVE-2026-54022 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.I...	open-webui	open-webui < 0.8.11	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-54021	Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter_CVE-2026-54021 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed ...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54019	Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode_CVE-2026-54019 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-leve...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
HIGH 7.7	CVE-2026-54018	Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects_CVE-2026-54018 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader impl...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
MEDIUM 4.3	CVE-2026-54016	Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration_CVE-2026-54016 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object L...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
MEDIUM 6.4	CVE-2026-54015	Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion_CVE-2026-54015 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-hist...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
MEDIUM 4.3	CVE-2026-54014	Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui_CVE-2026-54014 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability e...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Deno: Denial of service via non-ASCII bytes in WebSocket response headers_CVE-2026-55517

Recent Advisories

Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch_CVE-2026-54316

Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow_CVE-2026-54257

Open WebUI: Any authenticated user can read other users’ private notes via Socket.IO_CVE-2026-54022

Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter_CVE-2026-54021

Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode_CVE-2026-54019

Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects_CVE-2026-54018

Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration_CVE-2026-54016

Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion_CVE-2026-54015

Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui_CVE-2026-54014

Protect Your Attack Surface with RedGem

Security Intelligence
Feed