Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

366 New today
66,066 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
17
Jun 27
Critical
High
Medium
Low
Latest
CVE CVSS 7.5

Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path_CVE-2026-46710

Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working di...

CVE-2026-46710 notepad-plus-plus notepad-plus-plus >= 8.9.4, < 8.9.6
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.7 CVE-2026-55069

Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack_CVE-2026-55069

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component...

kestra-io kestra < 1.3.24 CVE
MEDIUM 6.5 CVE-2026-53577

Kestra: Cross-Execution File Read via Preview Endpoint (IDOR)_CVE-2026-53577

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tena...

kestra-io kestra < 1.0.45 CVE
CRITICAL 10 CVE-2026-53576

Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass_CVE-2026-53576

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/ap...

kestra-io kestra < 1.0.45 CVE
HIGH 7.7 CVE-2026-49984

Kestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard)_CVE-2026-49984

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-suppli...

kestra-io kestra < 1.0.45 CVE
CRITICAL 10 CVE-2026-49869

Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`_CVE-2026-49869

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath(...

kestra-io kestra < 1.0.45 CVE
HIGH 7.7 CVE-2026-45807

Kestra: Path traversal via URL-encoded “%2E%2E” in execution and namespace file endpoints allows arbitrary file read_CVE-2026-45807

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from...

kestra-io kestra < 1.0.43 CVE
NONE MSF:EXPLOIT-WINDOWS-

Peyara Remote Mouse 1.0.1 Unauthenticated Remote Code Execution_MSF:EXPLOIT-WINDOWS-MISC-PEYARA_REMOTE_MOUSE_RCE-

This module exploits an unauthenticated remote code execution vulnerability in Peyara Remote Mouse 1.0.1. The application exposes a Socket.IO WebSo...

N/A N/A METASPLOIT
NONE THN:7E1EAC23BDB...

FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys_THN:7E1EAC23BDB48712E7108993DDE56BCD

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjt2-y25_EiB31BmVQQpt9ne8mH9iPOJpYJmItVSIKGexUBmKRwzNSvDYzbVyRm9xxR6H0rE880CTv3QTblU...

N/A N/A THN
MEDIUM 4.3 MS:CVE-2026-13021

Chromium: CVE-2026-13021 Inappropriate implementation in DeviceBoundSessionCredentials_MS:CVE-2026-13021

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE