Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

311 New today
65,953 Total advisories

Daily Security Trends (Last 14 Days)

[Chart: daily totals for Jun 13 through Jun 26; legend: Critical, High, Medium, Low]

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.4 CVE-2026-56823

AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /ap...

Significant-Gravitas AutoGPT < 0.6.64 CVE
HIGH 8.5 CVE-2026-56663

AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an auth...

Significant-Gravitas AutoGPT < 0.6.52 CVE
MEDIUM 5.3 CVE-2026-55686

Podman: WORKDIR symlink traversal vulnerability

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains ...

podman-container-tools podman >= 3.0.0, < 5.7.1 CVE
HIGH 7.5 CVE-2026-55677

Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches rout...

labstack echo < 4.15.3 CVE
CRITICAL 9 CVE-2026-54636

Dokku: OS Command Injection via app.json managed Cron

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku ...

dokku dokku < 0.38.7 CVE
MEDIUM 6 CVE-2026-48529

GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion

GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessC...

github github-mcp-server >= 0.22.0, < 1.1.2 CVE
CRITICAL 9 CVE-2026-45408

Dokku: OS Command Injection via App Name in Git Pre-Receive Hook

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authent...

dokku dokku < 0.38.2 CVE
MEDIUM 5 CVE-2026-45407

Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the defa...

dokku dokku < 0.38.2 CVE
CRITICAL 9 CVE-2026-45406

Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository dir...

dokku dokku < 0.38.2 CVE