Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

53 New today

66,078 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

Critical

High

Medium

Low

Latest

GITHUBEXPLOIT CVSS 10

Exploit for Authentication Bypass Using an Alternate Path or Channel in Traefik_7F7749F6-023B-5070-9A69-60448F7E541E

CVE-2026-48020 — Traefik StripPrefix Route-Level Auth Bypass PoC A self-contained proof of concept for CVE-2026-48020, a route-level authentication/authorization bypass in Traefik's StripPrefix middleware caused by path normalisation happening after...

7F7749F6-023B-5070-9A69-60448F7E541E

Jun 27, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	73764E05-FE56-	xss-vulnerability-scanner_73764E05-FE56-54D5-88DB-FC538242C5EB Application Security: Automated Reflected XSS Web Fuzzer 📝 Description This application security testing utility evaluates web forms against Refle...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
MEDIUM 6.1	CVE-2026-13245	MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter_CVE-2026-13245 The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to...	maxfoundry	MaxButtons – Create buttons	Jun 27, 2026	CVE
MEDIUM 5.3	CVE-2026-12404	NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class_CVE-2026-12404 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including...	webaways	NEX-Forms – Ultimate Forms Plugin for WordPress	Jun 27, 2026	CVE
MEDIUM 5.3	CVE-2026-9242	RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request_CVE-2026-9242 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication ...	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	Jun 27, 2026	CVE
MEDIUM 4.3	CVE-2026-9233	Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action_CVE-2026-9233 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and...	expresstech	Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker	Jun 27, 2026	CVE
MEDIUM 6.5	CVE-2026-3462	Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification_CVE-2026-3462 The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'p...	reepaydenmark	Frisbii Pay	Jun 27, 2026	CVE
MEDIUM 6.4	CVE-2026-13295	Page Builder by SiteOrigin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via panels_data Parameter_CVE-2026-13295 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, a...	gpriday	Page Builder by SiteOrigin	Jun 27, 2026	CVE
MEDIUM 4.3	CVE-2026-12471	Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation_CVE-2026-12471 The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all version...	templatescoderthemes	Spexo	Jun 27, 2026	CVE
MEDIUM 5.3	CVE-2026-12432	Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter_CVE-2026-12432 The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs_update_fai...	themeisle	Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions	Jun 27, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Exploit for Authentication Bypass Using an Alternate Path or Channel in Traefik_7F7749F6-023B-5070-9A69-60448F7E541E

Recent Advisories

xss-vulnerability-scanner_73764E05-FE56-54D5-88DB-FC538242C5EB

MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter_CVE-2026-13245

NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class_CVE-2026-12404

RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request_CVE-2026-9242

Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action_CVE-2026-9233

Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification_CVE-2026-3462

Page Builder by SiteOrigin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via panels_data Parameter_CVE-2026-13295

Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation_CVE-2026-12471

Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter_CVE-2026-12432

Protect Your Attack Surface with RedGem

Security Intelligence
Feed