Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

80 New today

64,290 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Jun 21

Critical

High

Medium

Low

Latest

CVE CVSS 4.6

Craft CMS – Stored XSS in Table Field via Row Heading Column Type_CVE-2026-56383

Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account (wit...

CVE-2026-56383 craftcms cms 4.5.0-beta.1

Jun 21, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	CVE-2026-56382	Craft CMS – Remote Code Execution via Missing Config Sanitization in FieldsController_CVE-2026-56382 Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and	craftcms	cms 5.5.0	Jun 21, 2026	CVE
MEDIUM 4.6	CVE-2026-56381	Craft CMS – Stored XSS via User Group Name in User Permissions Page_CVE-2026-56381 Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rende...	craftcms	cms 5.0.0-RC1	Jun 21, 2026	CVE
MEDIUM 6.3	CVE-2026-56378	ImageMagick – Heap Out-of-Bounds Read in PCD Decoder_CVE-2026-56378 ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file c...	ImageMagick	ImageMagick	Jun 21, 2026	CVE
MEDIUM 6.3	CVE-2026-56367	ImageMagick – Heap Out-of-Bounds Read in PSB RLE Decoding_CVE-2026-56367 ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in cod...	ImageMagick	ImageMagick	Jun 21, 2026	CVE
MEDIUM 6.9	CVE-2026-56316	Cap-go – Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/_CVE-2026-56316 Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/ endpoint that allows unauthenticated ...	Cap-go	capgo	Jun 21, 2026	CVE
MEDIUM 6.9	CVE-2026-56299	Capgo – Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint_CVE-2026-56299 Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows unauthenticated attackers ...	Capgo	Capgo	Jun 21, 2026	CVE
CRITICAL 9.3	CVE-2026-56265	Crawl4AI – Authentication Bypass via Hardcoded JWT Signing Key_CVE-2026-56265 Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attacker...	Crawl4AI	Crawl4AI	Jun 21, 2026	CVE
HIGH 8.7	CVE-2026-56253	Capgo – Unauthenticated Organization Member Email Disclosure via get_org_members RPC_CVE-2026-56253 Capgo before 12.128.2 contains an improper access control vulnerability in the public.get_org_members RPC function that allows unauthenticated atta...	Capgo	Capgo	Jun 21, 2026	CVE
HIGH 7	CVE-2026-56251	Capgo – Privilege Escalation via Broken Row Level Security in org_users_CVE-2026-56251 Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from...	Capgo	Capgo	Jun 21, 2026	CVE

Security Intelligence
Feed

Daily Security Trends (Last 14 Days)

Craft CMS – Stored XSS in Table Field via Row Heading Column Type_CVE-2026-56383

Recent Advisories

Craft CMS – Remote Code Execution via Missing Config Sanitization in FieldsController_CVE-2026-56382

Craft CMS – Stored XSS via User Group Name in User Permissions Page_CVE-2026-56381

ImageMagick – Heap Out-of-Bounds Read in PCD Decoder_CVE-2026-56378

ImageMagick – Heap Out-of-Bounds Read in PSB RLE Decoding_CVE-2026-56367

Cap-go – Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*_CVE-2026-56316

Capgo – Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint_CVE-2026-56299

Crawl4AI – Authentication Bypass via Hardcoded JWT Signing Key_CVE-2026-56265

Capgo – Unauthenticated Organization Member Email Disclosure via get_org_members RPC_CVE-2026-56253

Capgo – Privilege Escalation via Broken Row Level Security in org_users_CVE-2026-56251

Protect Your Attack Surface with RedGem

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Craft CMS – Stored XSS in Table Field via Row Heading Column Type_CVE-2026-56383

Recent Advisories

Craft CMS – Remote Code Execution via Missing Config Sanitization in FieldsController_CVE-2026-56382

Craft CMS – Stored XSS via User Group Name in User Permissions Page_CVE-2026-56381

ImageMagick – Heap Out-of-Bounds Read in PCD Decoder_CVE-2026-56378

ImageMagick – Heap Out-of-Bounds Read in PSB RLE Decoding_CVE-2026-56367

Cap-go – Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*_CVE-2026-56316

Capgo – Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint_CVE-2026-56299

Crawl4AI – Authentication Bypass via Hardcoded JWT Signing Key_CVE-2026-56265

Capgo – Unauthenticated Organization Member Email Disclosure via get_org_members RPC_CVE-2026-56253

Capgo – Privilege Escalation via Broken Row Level Security in org_users_CVE-2026-56251

Protect Your Attack Surface with RedGem

Security Intelligence
Feed