Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

327 New today
65,672 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
9
Jun 26
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-56774

Kanboard – Cross-User Deletion of Persistent Login Sessions via Unvalidated Session ID_CVE-2026-56774

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to...

kanboard kanboard CVE
MEDIUM 5.3 CVE-2026-56772

NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint_CVE-2026-56772

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplyi...

samuelclay NewsBlur CVE
MEDIUM 6.3 CVE-2026-56771

NewsBlur < 14.5.0 - Server-Side Request Forgery via add_url Endpoint_CVE-2026-56771

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make...

samuelclay NewsBlur CVE
HIGH 8.7 CVE-2026-56770

libais 0.15 – Out-of-bounds Vector Access in VdmStream::AddLine via Invalid Sequential Message ID_CVE-2026-56770

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range ...

schwehr libais CVE
MEDIUM 6.3 CVE-2026-56769

Huly Platform – Server-Side Request Forgery via /import Endpoint_CVE-2026-56769

Huly Platform before commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that a...

hcengineering platform CVE
HIGH 8.7 CVE-2026-56768

Seahub < 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method_CVE-2026-56768

Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass au...

haiwen seahub CVE
HIGH 8.7 CVE-2026-56767

Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers_CVE-2026-56767

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenti...

getmaxun maxun 0.0.42 CVE
HIGH 8.6 CVE-2026-56766

Hydra – Stack Buffer Overflow in NTLM Authentication Handler_CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy...

vanhauser-thc thc-hydra CVE
HIGH 8.2 CVE-2026-55667

File Browser: Out-of-scope file deletion by a Create-only scoped user via symlink-following RemoveAll in upload failure-cleanup_CVE-2026-55667

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...

filebrowser filebrowser < 2.63.16 CVE