Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

53 New today

66,078 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

Critical

High

Medium

Low

Latest

CVE CVSS 4.4

Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter_CVE-2026-12399

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-12399 jegstudio Gutenverse – WordPress Blocks, Page Builder & Site Editor

Jun 27, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-11987	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter_CVE-2026-11987 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecu...	dokaninc	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy	Jun 27, 2026	CVE
MEDIUM 6.4	CVE-2026-11783	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU_CVE-2026-11783 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored...	dokaninc	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy	Jun 27, 2026	CVE
MEDIUM 4.3	CVE-2026-11773	Masteriyo LMS <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification_CVE-2026-11773 The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, an...	masteriyo	Masteriyo LMS – LMS Course Builder, Quizzes & Certificates	Jun 27, 2026	CVE
MEDIUM 6.4	CVE-2026-11597	Surbma \| Infusionsoft Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-11597 The Surbma \| Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in vers...	surbma	Surbma \| Infusionsoft Shortcode	Jun 27, 2026	CVE
MEDIUM 4.3	CVE-2026-11364	Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions_CVE-2026-11364 The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versi...	dornaweb	Product Specifications for Woocommerce	Jun 27, 2026	CVE
HIGH 7.8	ECD48805-B674-	Exploit for Use After Free in Linux Linux_Kernel_ECD48805-B674-5D15-9640-7AE6AB574266 CVE-2026-43499 — Linux Kernel Futex PI Use-After-Free Bug removewaiter in kernel/locking/rtmutex.c is used by the slowlock paths but also for proxy...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
CRITICAL 10	449EB399-8D3C-	Exploit for Improper Access Control in Widgetfactorylimited Jce_449EB399-8D3C-5528-B03B-B58DC4645B9D MASTA CVE-2026-48907 Scanner Joomla! JCE 2.9.99.5 Unauthenticated Remote Code Execution RCE Scanner --- 🚨 LEGAL DISCLAIMER & ETHICAL USE This tool...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
CRITICAL 9.8	CVE-2026-12415	Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter_CVE-2026-12415 The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_accou...	pravel	Invoice Generator	Jun 27, 2026	CVE
HIGH 8.7	7D0D67E6-AAE8-	Exploit for CVE-2026-46331_7D0D67E6-AAE8-52CC-B577-3C66E3ECB231 cve-id ⚡ Simple Usage Use this project only in safe and authorized environments such as: - Local virtual machines - Docker containers - Isolated l...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT

Security Intelligence
Feed

Daily Security Trends (Last 14 Days)

Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter_CVE-2026-12399

Recent Advisories

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter_CVE-2026-11987

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU_CVE-2026-11783

Masteriyo LMS <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification_CVE-2026-11773

Surbma | Infusionsoft Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-11597

Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions_CVE-2026-11364

Exploit for Use After Free in Linux Linux_Kernel_ECD48805-B674-5D15-9640-7AE6AB574266

Exploit for Improper Access Control in Widgetfactorylimited Jce_449EB399-8D3C-5528-B03B-B58DC4645B9D

Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter_CVE-2026-12415

Exploit for CVE-2026-46331_7D0D67E6-AAE8-52CC-B577-3C66E3ECB231

Protect Your Attack Surface with RedGem

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter_CVE-2026-12399

Recent Advisories

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter_CVE-2026-11987

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU_CVE-2026-11783

Masteriyo LMS <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification_CVE-2026-11773

Surbma | Infusionsoft Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-11597

Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions_CVE-2026-11364

Exploit for Use After Free in Linux Linux_Kernel_ECD48805-B674-5D15-9640-7AE6AB574266

Exploit for Improper Access Control in Widgetfactorylimited Jce_449EB399-8D3C-5528-B03B-B58DC4645B9D

Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter_CVE-2026-12415

Exploit for CVE-2026-46331_7D0D67E6-AAE8-52CC-B577-3C66E3ECB231

Protect Your Attack Surface with RedGem

Security Intelligence
Feed