Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

161 New today

65,709 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 9.2

socat 1.8.0.0 – 1.8.1.1 Heap Buffer Overflow via SOCKS5 Reply Parser_CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name ...

CVE-2026-56123 socat socat 1.8.0.0

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.5	CVE-2026-55439	Halo: Path Traversal in Backup Download Leads to Arbitrary File Read_CVE-2026-55439 Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated ...	halo-dev	halo < 2.24.3	Jun 25, 2026	CVE
CRITICAL 9.4	CVE-2026-55413	ToolJet – Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution_CVE-2026-55413 ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-l...	ToolJet	ToolJet < 3.20.178-lts	Jun 25, 2026	CVE
HIGH 8.3	CVE-2026-55412	ToolJet Cloud – SSRF to Azure Cloud Infrastructure Compromise_CVE-2026-55412 ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-l...	ToolJet	ToolJet < 3.20.178-lts	Jun 25, 2026	CVE
MEDIUM 6.8	CVE-2026-55411	ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization’s data-source secrets_CVE-2026-55411 ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-...	ToolJet	ToolJet < 3.20.1780-lts	Jun 25, 2026	CVE
HIGH 7	CVE-2026-55092	Trivy: Path traversal via a crafted vulnerability database or other downloaded artifacts_CVE-2026-55092 Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the ...	aquasecurity	trivy < 0.71.1	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-54573	Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy_CVE-2026-54573 Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl ...	outline	outline < 1.8.0	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-54448	Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser_CVE-2026-54448 Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAl...	aquasecurity	trivy < 0.71.0	Jun 25, 2026	CVE
MEDIUM 5.9	CVE-2026-54040	LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass_CVE-2026-54040 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint r...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-54037	LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork_CVE-2026-54037 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and f...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

socat 1.8.0.0 – 1.8.1.1 Heap Buffer Overflow via SOCKS5 Reply Parser_CVE-2026-56123

Recent Advisories

Halo: Path Traversal in Backup Download Leads to Arbitrary File Read_CVE-2026-55439

ToolJet – Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution_CVE-2026-55413

ToolJet Cloud – SSRF to Azure Cloud Infrastructure Compromise_CVE-2026-55412

ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization’s data-source secrets_CVE-2026-55411

Trivy: Path traversal via a crafted vulnerability database or other downloaded artifacts_CVE-2026-55092

Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy_CVE-2026-54573

Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser_CVE-2026-54448

LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass_CVE-2026-54040

LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork_CVE-2026-54037

Protect Your Attack Surface with RedGem

Security Intelligence
Feed