Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

264 New today

64,888 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

250

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 6.8

Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter_CVE-2026-7842

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), and file_detail() admin page callbacks before using them in SQL queries, allowing authenticated ...

CVE-2026-7842 Unknown Infility Global

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.2	CVE-2026-56784	OpenRemote Manager – Cross-Tenant IDOR in Bulk Alarm Deletion_CVE-2026-56784 OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in the removeAlarms() method that allows authenticated ...	openremote	openremote	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-56762	Hono – Missing Cookie Name Validation in setCookie()_CVE-2026-56762 Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing inv...	Hono	Hono	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-56701	Grav – XML External Entity Injection via SVG Upload_CVE-2026-56701 Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers ...	Grav	Grav	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-56376	ImageMagick – Heap Use-After-Free in Meta Coder_CVE-2026-56376 ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written ...	ImageMagick	ImageMagick	Jun 23, 2026	CVE
HIGH 8.7	CVE-2026-56322	Capgo – Information Disclosure via Unauthenticated /updates defaultChannel Parameter_CVE-2026-56322 Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel pa...	Capgo	Capgo	Jun 23, 2026	CVE
CRITICAL 9.3	CVE-2026-56315	picklescan – Remote Code Execution via Unblocked Standard Library Modules_CVE-2026-56315 picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, a...	picklescan	picklescan	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-56301	Nuxt – Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux_CVE-2026-56301 Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abs...	Nuxt	Nuxt 4.0.0	Jun 23, 2026	CVE
MEDIUM 6	CVE-2026-56275	Flowise – Server-Side Request Forgery via Execute Flow Base URL_CVE-2026-56275 Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validat...	Flowise	Flowise	Jun 23, 2026	CVE
HIGH 8.7	CVE-2026-56274	Flowise – Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess_CVE-2026-56274 Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validat...	Flowise	Flowise	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter_CVE-2026-7842

Recent Advisories

OpenRemote Manager – Cross-Tenant IDOR in Bulk Alarm Deletion_CVE-2026-56784

Hono – Missing Cookie Name Validation in setCookie()_CVE-2026-56762

Grav – XML External Entity Injection via SVG Upload_CVE-2026-56701

ImageMagick – Heap Use-After-Free in Meta Coder_CVE-2026-56376

Capgo – Information Disclosure via Unauthenticated /updates defaultChannel Parameter_CVE-2026-56322

picklescan – Remote Code Execution via Unblocked Standard Library Modules_CVE-2026-56315

Nuxt – Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux_CVE-2026-56301

Flowise – Server-Side Request Forgery via Execute Flow Base URL_CVE-2026-56275

Flowise – Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess_CVE-2026-56274

Protect Your Attack Surface with RedGem

Security Intelligence
Feed