Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

334 New today
67,038 Total advisories

Daily Security Trends (Last 14 Days)

Jun 17: 464
Jun 18: 3
Jun 19: 352
Jun 20: 56
Jun 21: 104
Jun 22: 317
Jun 23: 294
Jun 24: 355
Jun 25: 376
Jun 26: 386
Jun 27: 53
Jun 28: 318
Jun 29: 284
Jun 30: 334

Severity legend: Critical, High, Medium, Low

Recent Advisories

ID: CVE-2026-58171 | Severity: MEDIUM 4.2
Title: Vibe-Trading < 0.1.10 - Path Traversal via Swarm Run Identifier
Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without vali...
Vendor: HKUDS | Product: Vibe-Trading | Type: CVE

ID: CVE-2026-58170 | Severity: HIGH 8.3
Title: Vibe-Trading < 0.1.10 - Path Traversal in Proposal Identifier Allows Forging Live Trading Mandates
Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory witho...
Vendor: HKUDS | Product: Vibe-Trading | Type: CVE

ID: CVE-2026-58169 | Severity: HIGH 7.5
Title: Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code Execution
Vibe-Trading before 0.1.10's local API server trusts the TCP peer address to bypass the API_AUTH_KEY bearer-token check for loopback clients and pe...
Vendor: HKUDS | Product: Vibe-Trading | Type: CVE

ID: CVE-2026-58168 | Severity: HIGH 8.8
Title: DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Users
DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due...
Vendor: HKUDS | Product: DeepTutor | Type: CVE

ID: CVE-2026-58167 | Severity: MEDIUM 6.5
Title: Nightingale < 9.0.0-beta.2 - Datasource Credential Disclosure to Low-Privilege Users
Nightingale (n9e) before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basi...
Vendor: ccfos | Product: nightingale | Type: CVE

ID: CVE-2026-58166 | Severity: CRITICAL 9.1
Title: OpenBMB ChatDev – Unauthenticated Path Traversal in Upload Handler Allows Arbitrary File Write and Delete
OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to wri...
Vendor: OpenBMB | Product: ChatDev | Type: CVE

ID: CVE-2026-58165 | Severity: HIGH 8.8
Title: OpenZiti – Privilege Escalation to Admin via Unauthorized Enrollment Creation
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with ...
Vendor: openziti | Product: ziti | Type: CVE

ID: CVE-2026-49451 | Severity: HIGH 7.5
Title: Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing
The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML...
Vendor: microsoft | Product: OpenAPI.NET >= 2.0.0-preview11, < 2.7.5 | Type: CVE

ID: CVE-2026-10655 | Severity: MEDIUM 6.5
Title: Use-after-free race in SNTP async client when closing the socket while the socket service is still polling it
The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor directly from the calli...
Vendor: zephyrproject | Product: zephyr 4.2.0 | Type: CVE