Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

224 New today

65,462 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

175

Jun 25

Critical

High

Medium

Low

Latest

HACKREAD

Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords_HACKREAD:6141367662A6D7A675D4167ED30B5E35

JFrog warns of malicious npm packages that mimic PostCSS tooling, drop a Windows RAT, and target Chrome-stored passwords through a staged infection setup route.

HACKREAD:6141367662A6D7A675D4167ED30B5E35

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.7	CVE-2026-9710	Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure_CVE-2026-9710 The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce ...	Unknown	Cornerstone 3.0.0	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-9709	Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure_CVE-2026-9709 The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to ...	Unknown	Cornerstone 3.0.0	Jun 24, 2026	CVE
LOW 2.7	CVE-2026-10753	Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update_CVE-2026-10753 The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-priv...	Unknown	Site Kit by Google	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10749	Post Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaData_CVE-2026-10749 The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied seria...	Unknown	Post Duplicator	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-10735	ShapedPlugin Multiple Pro Plugins – Backdoor via Compromised Vendor Update Server_CVE-2026-10735 Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommer...	Unknown	smart-post-show-pro 4.0.1	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-10531	AI Share & Summarize < 2.0.4 - Contributor+ Stored XSS via title_style Shortcode Attribute_CVE-2026-10531 The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a pa...	Unknown	AI Share & Summarize	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-56761	hono – HTML Injection via Improper JSX Attribute Name Handling in SSR_CVE-2026-56761 hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using ...	hono	hono	Jun 24, 2026	CVE
MEDIUM 4.8	CVE-2026-56370	ImageMagick – Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact_CVE-2026-56370 ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artif...	ImageMagick	ImageMagick	Jun 24, 2026	CVE
MEDIUM 6.3	CVE-2026-56368	ImageMagick – Memory Leak in Raw Pixel Data Coders_CVE-2026-56368 ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not prope...	ImageMagick	ImageMagick	Jun 24, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords_HACKREAD:6141367662A6D7A675D4167ED30B5E35

Recent Advisories

Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure_CVE-2026-9710

Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure_CVE-2026-9709

Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update_CVE-2026-10753

Post Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaData_CVE-2026-10749

ShapedPlugin Multiple Pro Plugins – Backdoor via Compromised Vendor Update Server_CVE-2026-10735

AI Share & Summarize < 2.0.4 - Contributor+ Stored XSS via title_style Shortcode Attribute_CVE-2026-10531

hono – HTML Injection via Improper JSX Attribute Name Handling in SSR_CVE-2026-56761

ImageMagick – Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact_CVE-2026-56370

ImageMagick – Memory Leak in Raw Pixel Data Coders_CVE-2026-56368

Protect Your Attack Surface with RedGem

Security Intelligence
Feed