Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

224 New today

65,462 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

175

Jun 25

Critical

High

Medium

Low

Latest

MALWAREBYTES CVSS 8.8

PixelSmash flaw turns video files into attack tools_MALWAREBYTES:EC34003352AA88477BAACCE9BF91A066

A newly discovered vulnerability in FFmpeg’s MagicYUV decoder can turn a tiny, malformed video into a foothold for attackers. Researchers have disclosed PixelSmash, a critical vulnerability tracked as CVE-2026-8461, in FFmpeg’s MagicYUV video decoder with a CVSS score of 8.8....

MALWAREBYTES:EC34003352AA88477BAACCE9BF91A066

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	MSSECURE:3B070B...	CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms_MSSECURE:3B070B95A636749B56951E3900D3E767 Cloud security is shifting from visibility to context-aware risk reduction, helping security teams understand which exposures matter most, prioriti...	N/A	N/A	Jun 24, 2026	MSSECURE
HIGH 7.5	CVE-2026-53950	@tryghost/activitypub: XSS in Ghost’s ActivityPub client_CVE-2026-53950 @tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injecti...	TryGhost	Ghost < 3.1.0	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-53949	Ghost Content API filter bypass reveals private fields_CVE-2026-53949 Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be part...	TryGhost	Ghost >= 5.46.1, < 6.21.2	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-53948	Ghost: File Upload Content-Type Spoofing_CVE-2026-53948 Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admi...	TryGhost	Ghost >= 6.19.4, < 6.21.1	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-53947	Ghost: Member existence leak via magic link sign-in response_CVE-2026-53947 Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possib...	TryGhost	Ghost >= 5.18.0, < 6.21.1	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-53946	Ghost: Mobiledoc image-size fetch SSRF_CVE-2026-53946 Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by is...	TryGhost	Ghost >= 6.19.4, < 6.21.1	Jun 24, 2026	CVE
MEDIUM 4	CVE-2026-53945	Ghost: Server-side request forgery via DNS rebinding in external request handling_CVE-2026-53945 Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DN...	TryGhost	Ghost >= 6.0.9, < 6.21.1	Jun 24, 2026	CVE
MEDIUM 5.8	CVE-2026-53944	Ghost: Private IP filtering bypass to make server-side requests to internal services_CVE-2026-53944 Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that...	TryGhost	Ghost >= 6.0.9, < 6.21.1	Jun 24, 2026	CVE
CRITICAL 9.6	CVE-2026-53943	Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header_CVE-2026-53943 Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being ...	TryGhost	Ghost >= 4.0.0, < 6.37.0	Jun 24, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

PixelSmash flaw turns video files into attack tools_MALWAREBYTES:EC34003352AA88477BAACCE9BF91A066

Recent Advisories

CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms_MSSECURE:3B070B95A636749B56951E3900D3E767

@tryghost/activitypub: XSS in Ghost’s ActivityPub client_CVE-2026-53950

Ghost Content API filter bypass reveals private fields_CVE-2026-53949

Ghost: File Upload Content-Type Spoofing_CVE-2026-53948

Ghost: Member existence leak via magic link sign-in response_CVE-2026-53947

Ghost: Mobiledoc image-size fetch SSRF_CVE-2026-53946

Ghost: Server-side request forgery via DNS rebinding in external request handling_CVE-2026-53945

Ghost: Private IP filtering bypass to make server-side requests to internal services_CVE-2026-53944

Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header_CVE-2026-53943

Protect Your Attack Surface with RedGem

Security Intelligence
Feed