Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

90 New today

64,312 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Jun 21

Jun 22

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

Craft CMS – Authorization Bypass in assets/preview-file Endpoint_CVE-2026-56385

Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user ...

CVE-2026-56385 craftcms cms 5.0.0-RC1

Jun 21, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-56384	Craft CMS – Missing Authorization in assets/preview-thumb Endpoint_CVE-2026-56384 Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a ta...	craftcms	cms 4.0.0-RC1	Jun 21, 2026	CVE
MEDIUM 4.6	CVE-2026-56383	Craft CMS – Stored XSS in Table Field via Row Heading Column Type_CVE-2026-56383 Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the 'Row Heading' column type. ...	craftcms	cms 4.5.0-beta.1	Jun 21, 2026	CVE
HIGH 8.6	CVE-2026-56382	Craft CMS – Remote Code Execution via Missing Config Sanitization in FieldsController_CVE-2026-56382 Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and	craftcms	cms 5.5.0	Jun 21, 2026	CVE
MEDIUM 4.6	CVE-2026-56381	Craft CMS – Stored XSS via User Group Name in User Permissions Page_CVE-2026-56381 Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rende...	craftcms	cms 5.0.0-RC1	Jun 21, 2026	CVE
MEDIUM 6.3	CVE-2026-56378	ImageMagick – Heap Out-of-Bounds Read in PCD Decoder_CVE-2026-56378 ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file c...	ImageMagick	ImageMagick	Jun 21, 2026	CVE
MEDIUM 6.3	CVE-2026-56367	ImageMagick – Heap Out-of-Bounds Read in PSB RLE Decoding_CVE-2026-56367 ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in cod...	ImageMagick	ImageMagick	Jun 21, 2026	CVE
MEDIUM 6.9	CVE-2026-56316	Cap-go – Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/_CVE-2026-56316 Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/ endpoint that allows unauthenticated ...	Cap-go	capgo	Jun 21, 2026	CVE
MEDIUM 6.9	CVE-2026-56299	Capgo – Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint_CVE-2026-56299 Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows unauthenticated attackers ...	Capgo	Capgo	Jun 21, 2026	CVE
CRITICAL 9.3	CVE-2026-56265	Crawl4AI – Authentication Bypass via Hardcoded JWT Signing Key_CVE-2026-56265 Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attacker...	Crawl4AI	Crawl4AI	Jun 21, 2026	CVE

Security Intelligence
Feed

Daily Security Trends (Last 14 Days)

Craft CMS – Authorization Bypass in assets/preview-file Endpoint_CVE-2026-56385

Recent Advisories

Craft CMS – Missing Authorization in assets/preview-thumb Endpoint_CVE-2026-56384

Craft CMS – Stored XSS in Table Field via Row Heading Column Type_CVE-2026-56383

Craft CMS – Remote Code Execution via Missing Config Sanitization in FieldsController_CVE-2026-56382

Craft CMS – Stored XSS via User Group Name in User Permissions Page_CVE-2026-56381

ImageMagick – Heap Out-of-Bounds Read in PCD Decoder_CVE-2026-56378

ImageMagick – Heap Out-of-Bounds Read in PSB RLE Decoding_CVE-2026-56367

Cap-go – Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*_CVE-2026-56316

Capgo – Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint_CVE-2026-56299

Crawl4AI – Authentication Bypass via Hardcoded JWT Signing Key_CVE-2026-56265

Protect Your Attack Surface with RedGem

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Craft CMS – Authorization Bypass in assets/preview-file Endpoint_CVE-2026-56385

Recent Advisories

Craft CMS – Missing Authorization in assets/preview-thumb Endpoint_CVE-2026-56384

Craft CMS – Stored XSS in Table Field via Row Heading Column Type_CVE-2026-56383

Craft CMS – Remote Code Execution via Missing Config Sanitization in FieldsController_CVE-2026-56382

Craft CMS – Stored XSS via User Group Name in User Permissions Page_CVE-2026-56381

ImageMagick – Heap Out-of-Bounds Read in PCD Decoder_CVE-2026-56378

ImageMagick – Heap Out-of-Bounds Read in PSB RLE Decoding_CVE-2026-56367

Cap-go – Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*_CVE-2026-56316

Capgo – Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint_CVE-2026-56299

Crawl4AI – Authentication Bypass via Hardcoded JWT Signing Key_CVE-2026-56265

Protect Your Attack Surface with RedGem

Security Intelligence
Feed