Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

362 New today

66,025 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

362

Jun 26

Critical

High

Medium

Low

Latest

GITHUBEXPLOIT CVSS 8.8

Exploit for Deserialization of Untrusted Data in Splunk_030DAD67-A828-5EBE-BC28-DC3BB6C406CE

CVE-2026-20251 — Splunk Secure Gateway jsonpickle Deserialization RCE Researcher: Fady Oueslati · ReactiveZero Security Research Reference: 2026FO-SPLUNK-20251 CVSS: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Status: Open — patch available ---...

030DAD67-A828-5EBE-BC28-DC3BB6C406CE

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.8	CVE-2026-45195	GPU DDK – rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted_CVE-2026-45195 Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the...	Imagination Technologies	Graphics DDK 1.18 RTM	Jun 26, 2026	CVE
HIGH 7.7	CVE-2026-21734	GPU DDK – libusc OOB write at TreeRemove during WebGPU shader compilation_CVE-2026-21734 A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the G...	Imagination Technologies	Graphics DDK 1.18 RTM	Jun 26, 2026	CVE
HIGH 7.2	CVE-2026-13372	CVE-2026-13372_CVE-2026-13372 Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allo...	Devolutions	Remote Desktop Manager 2026.2.5	Jun 26, 2026	CVE
CRITICAL 9.9	CVE-2026-52785	OpenProject: SQL injection in timestamps functionality_CVE-2026-52785 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
HIGH 8.8	CVE-2026-52784	OpenProject: CSRF on TARGET through /users/:id via POST parameter “user[admin]”_CVE-2026-52784 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POS...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
HIGH 8.2	CVE-2026-52783	OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others “storage..httpx_access_token” leads to Sensitive Data Exposure_CVE-2026-52783 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/Sh...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
CRITICAL 9.9	CVE-2026-52782	OpenProject: IDOR through /projects//settings/project_storages/ via PATCH parameter “storages_project_storage[project_folder_id]” leads to Access to Unauthorized Resources_CVE-2026-52782 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects//settings/project...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
MEDIUM 6.4	CVE-2026-52781	OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/work_packages via POST parameter “description”_CVE-2026-52781 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants elements unrestricted dat...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2026-52780	OpenProject: Cache store poisoning leads to Remote Code Execution (RCE)_CVE-2026-52780 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution...	opf	openproject < 17.3.3	Jun 26, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Exploit for Deserialization of Untrusted Data in Splunk_030DAD67-A828-5EBE-BC28-DC3BB6C406CE

Recent Advisories

GPU DDK – rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted_CVE-2026-45195

GPU DDK – libusc OOB write at TreeRemove during WebGPU shader compilation_CVE-2026-21734

CVE-2026-13372_CVE-2026-13372

OpenProject: SQL injection in timestamps functionality_CVE-2026-52785

OpenProject: CSRF on TARGET through /users/:id via POST parameter “user[admin]”_CVE-2026-52784

OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others “storage..httpx_access_token” leads to Sensitive Data Exposure_CVE-2026-52783

OpenProject: IDOR through /projects//settings/project_storages/ via PATCH parameter “storages_project_storage[project_folder_id]” leads to Access to Unauthorized Resources_CVE-2026-52782

OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/work_packages via POST parameter “description”_CVE-2026-52781

OpenProject: Cache store poisoning leads to Remote Code Execution (RCE)_CVE-2026-52780

Protect Your Attack Surface with RedGem

Security Intelligence
Feed