Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

221 New today
64,829 Total advisories

Daily Security Trends (Last 14 Days)

Advisories per day:
Jun 10: 351
Jun 11: 245
Jun 12: 336
Jun 13: 60
Jun 14: 68
Jun 15: 443
Jun 16: 630
Jun 17: 464
Jun 18: 3
Jun 19: 352
Jun 20: 56
Jun 21: 104
Jun 22: 317
Jun 23: 191
Chart legend (severity): Critical, High, Medium, Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-49461

pypdf: Possible large memory usage for form XObjects during text extraction

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to la...

py-pdf pypdf < 6.12.2 CVE
MEDIUM 5.1 CVE-2026-49460

pypdf: Inefficient decoding of FlateDecode PNG predictor streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to lo...

py-pdf pypdf < 6.12.2 CVE
MEDIUM 5.8 CVE-2026-47242

Net::IMAP: Command Injection via ID command argument

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called w...

ruby net-imap >= 0.6.0, < 0.6.4.1 CVE
LOW 2.1 CVE-2026-47241

Net::IMAP: Denial of Service via incomplete raw argument validation

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands ac...

ruby net-imap >= 0.6.0, < 0.6.4.1 CVE
MEDIUM 5.8 CVE-2026-47240

Net::IMAP: Command Injection via non-synchronizing literal in “raw” argument

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands ac...

ruby net-imap >= 0.6.0, < 0.6.4.1 CVE
CRITICAL 9.2 CVE-2026-45034

PhpSpreadsheet: File::prohibitWrappers bypass

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::pro...

PHPOffice PhpSpreadsheet < 1.30.5 CVE
CRITICAL 9.3 CVE-2026-44727

Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored noteb...

jupyter-server jupyter_server < 2.20 CVE
MEDIUM 5.4 CVE-2026-41479

Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint ca...

authlib authlib < 1.6.10 CVE
HIGH 7.1 CVE-2026-39904

Gophish 0.12.1 Denial of Service via Office Document Upload

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by up...

gophish gophish CVE