Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

166 New today

65,719 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 6.3

NewsBlur < 14.5.0 - Server-Side Request Forgery via add_url Endpoint_CVE-2026-56771

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access lo...

CVE-2026-56771 samuelclay NewsBlur

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-56770	libais 0.15 – Out-of-bounds Vector Access in VdmStream::AddLine via Invalid Sequential Message ID_CVE-2026-56770 libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range ...	schwehr	libais	Jun 25, 2026	CVE
MEDIUM 6.3	CVE-2026-56769	Huly Platform – Server-Side Request Forgery via /import Endpoint_CVE-2026-56769 Huly Platform before commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that a...	hcengineering	platform	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-56768	Seahub < 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method_CVE-2026-56768 Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass au...	haiwen	seahub	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-56767	Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers_CVE-2026-56767 Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenti...	getmaxun	maxun 0.0.42	Jun 25, 2026	CVE
HIGH 8.6	CVE-2026-56766	Hydra – Stack Buffer Overflow in NTLM Authentication Handler_CVE-2026-56766 Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy...	vanhauser-thc	thc-hydra	Jun 25, 2026	CVE
HIGH 8.2	CVE-2026-55667	File Browser: Out-of-scope file deletion by a Create-only scoped user via symlink-following RemoveAll in upload failure-cleanup_CVE-2026-55667 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.16	Jun 25, 2026	CVE
MEDIUM 5.8	CVE-2026-54250	K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression_CVE-2026-54250 K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerabilit...	k3s-io	k3s >= 1.35.0-rc1+k3s1, < 1.35.3+k3s1	Jun 25, 2026	CVE
HIGH 7.2	CVE-2026-54097	File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix_CVE-2026-54097 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.6	Jun 25, 2026	CVE
HIGH 8.4	CVE-2026-54096	File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path_CVE-2026-54096 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.7	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

NewsBlur < 14.5.0 - Server-Side Request Forgery via add_url Endpoint_CVE-2026-56771

Recent Advisories

libais 0.15 – Out-of-bounds Vector Access in VdmStream::AddLine via Invalid Sequential Message ID_CVE-2026-56770

Huly Platform – Server-Side Request Forgery via /import Endpoint_CVE-2026-56769

Seahub < 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method_CVE-2026-56768

Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers_CVE-2026-56767

Hydra – Stack Buffer Overflow in NTLM Authentication Handler_CVE-2026-56766

File Browser: Out-of-scope file deletion by a Create-only scoped user via symlink-following RemoveAll in upload failure-cleanup_CVE-2026-55667

K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression_CVE-2026-54250

File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix_CVE-2026-54097

File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path_CVE-2026-54096

Protect Your Attack Surface with RedGem

Security Intelligence
Feed