Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

324 New today

65,952 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

289

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 6.3

ML-KEM ARM64 NEON ciphertext comparison only compares half of the input_CVE-2026-6330

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so...

CVE-2026-6330 wolfSSL wolfSSL 5.7.4

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-6329	PKCS#12 MAC verification uses attacker-controlled comparison length_CVE-2026-6329 PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to b...	wolfSSL	wolfSSL 3.10.0	Jun 25, 2026	CVE
LOW 2	CVE-2026-6325	Out-of-bounds write in SetSuitesHashSigAlgo on oversized signature algorithms list_CVE-2026-6325 Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destina...	wolfSSL	wolfSSL 4.8.0	Jun 25, 2026	CVE
LOW 2.1	CVE-2026-6092	Encrypt-then-MAC could fall back to MAC-then-Encrypt when HAVE_ENCRYPT_THEN_MAC is configured_CVE-2026-6092 When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC.	wolfSSL	wolfSSL 5.2.0	Jun 25, 2026	CVE
MEDIUM 6	CVE-2026-55962	TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify_CVE-2026-55962 TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client having sent a Certific...	wolfSSL	wolfSSL 5.5.4	Jun 25, 2026	CVE
HIGH 7.3	CVE-2026-54479	EVoke Systems EVoke CSMS Insufficient Session Expiration_CVE-2026-54479 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same sess...	EVoke	EVoke CSMS All versions	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-50176	EVoke Systems EVoke CSMS Improper Restriction of Excessive Authentication Attempts_CVE-2026-50176 The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allo...	EVoke	EVoke CSMS All versions	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-44622	EVoke Systems EVoke CSMS Insufficiently Protected Credentials_CVE-2026-44622 Charging station authentication identifiers are publicly accessible via web-based mapping platforms.	EVoke	EVoke CSMS All versions	Jun 25, 2026	CVE
CRITICAL 9.4	CVE-2026-40702	EVoke Systems EVoke CSMS Missing Authentication for Critical Function_CVE-2026-40702 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit ...	EVoke	EVoke CSMS All versions	Jun 25, 2026	CVE
HIGH 7.4	CVE-2026-12992	Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation_CVE-2026-12992 A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature....	Red Hat	Red Hat build of Apicurio Registry 3	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

ML-KEM ARM64 NEON ciphertext comparison only compares half of the input_CVE-2026-6330

Recent Advisories

PKCS#12 MAC verification uses attacker-controlled comparison length_CVE-2026-6329

Out-of-bounds write in SetSuitesHashSigAlgo on oversized signature algorithms list_CVE-2026-6325

Encrypt-then-MAC could fall back to MAC-then-Encrypt when HAVE_ENCRYPT_THEN_MAC is configured_CVE-2026-6092

TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify_CVE-2026-55962

EVoke Systems EVoke CSMS Insufficient Session Expiration_CVE-2026-54479

EVoke Systems EVoke CSMS Improper Restriction of Excessive Authentication Attempts_CVE-2026-50176

EVoke Systems EVoke CSMS Insufficiently Protected Credentials_CVE-2026-44622

EVoke Systems EVoke CSMS Missing Authentication for Critical Function_CVE-2026-40702

Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation_CVE-2026-12992

Protect Your Attack Surface with RedGem

Security Intelligence
Feed