Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

81 New today

64,291 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Jun 21

Critical

High

Medium

Low

Latest

CVE CVSS 2.3

BerriAI litellm M2M JWT user_api_key_auth.py improper authorization_CVE-2026-12771

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high...

CVE-2026-12771 BerriAI litellm 1.82.0

Jun 21, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	B9CE5CD6-EC89-	ai-goat-ai-vulnerability-exploits-collection_B9CE5CD6-EC89-5FA8-B3CB-408F75A699C5 AI GOAT - AI Vulnerability & Exploits Collection ⚠️ A deliberately-vulnerable test corpus. Every file in this repository is intentionally insecure ...	N/A	N/A	Jun 20, 2026	GITHUBEXPLOIT
LOW 3.7	CVE-2026-56355	CVE-2026-56355_CVE-2026-56355 GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.	GNU	Savane 3.14	Jun 20, 2026	CVE
NONE	EBBC7019-30C8-	Web-Security-Audit-Skill_EBBC7019-30C8-5C4F-A020-88763BC8166B --- Features - Multi-language support: Automatic identification and scanning of PHP, Java, Python, Go source codes. - 60+ detection rules: Based on...	N/A	N/A	Jun 20, 2026	GITHUBEXPLOIT
MEDIUM 5.3	CVE-2026-56347	AVideo TopMenu Plugin – Stored Cross-Site Scripting via Unescaped Menu Item Fields_CVE-2026-56347 AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encodi...	WWBN	AVideo	Jun 20, 2026	CVE
MEDIUM 6.9	CVE-2026-56346	AVideo – Unauthenticated PGP Message Decryption via decryptMessage.json.php Endpoint_CVE-2026-56346 AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated use...	AVideo	AVideo	Jun 20, 2026	CVE
CRITICAL 9.2	CVE-2026-56345	AVideo – Arbitrary User Session Hijacking via Meet Plugin uploadRecordedVideo Endpoint_CVE-2026-56345 AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the targ...	AVideo	AVideo	Jun 20, 2026	CVE
MEDIUM 6.1	CVE-2026-56342	AVideo – Server-Side Request Forgery in Live/test.php via statsURL Parameter_CVE-2026-56342 AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators t...	AVideo	AVideo	Jun 20, 2026	CVE
HIGH 8.7	CVE-2026-56341	AVideo – Unauthenticated Access to Payment Log DataTables Endpoints via list.json.php_CVE-2026-56341 AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing Pay...	AVideo	AVideo	Jun 20, 2026	CVE
HIGH 8.7	CVE-2026-56340	vLLM – Denial of Service via Unvalidated Multimodal Embeddings_CVE-2026-56340 vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tens...	vLLM	vLLM 0.10.2	Jun 20, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

BerriAI litellm M2M JWT user_api_key_auth.py improper authorization_CVE-2026-12771

Recent Advisories

ai-goat-ai-vulnerability-exploits-collection_B9CE5CD6-EC89-5FA8-B3CB-408F75A699C5

CVE-2026-56355_CVE-2026-56355

Web-Security-Audit-Skill_EBBC7019-30C8-5C4F-A020-88763BC8166B

AVideo TopMenu Plugin – Stored Cross-Site Scripting via Unescaped Menu Item Fields_CVE-2026-56347

AVideo – Unauthenticated PGP Message Decryption via decryptMessage.json.php Endpoint_CVE-2026-56346

AVideo – Arbitrary User Session Hijacking via Meet Plugin uploadRecordedVideo Endpoint_CVE-2026-56345

AVideo – Server-Side Request Forgery in Live/test.php via statsURL Parameter_CVE-2026-56342

AVideo – Unauthenticated Access to Payment Log DataTables Endpoints via list.json.php_CVE-2026-56341

vLLM – Denial of Service via Unvalidated Multimodal Embeddings_CVE-2026-56340

Protect Your Attack Surface with RedGem

Security Intelligence
Feed