Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

218 New today

65,803 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

140

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 9

Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add_CVE-2026-45405

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follow...

CVE-2026-45405 dokku dokku < 0.38.2

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5	CVE-2026-28385	SSRF via image import from URL allows internal network probing by authenticated users_CVE-2026-28385 In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticat...	Canonical	lxd 6.0	Jun 26, 2026	CVE
MEDIUM 4.9	CVE-2026-13434	Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled_CVE-2026-13434 A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, th...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-11779	PayloadCMS 3.84.1 – Authenticated account lockout bypass through default unlock access_CVE-2026-11779 An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.	PayloadCMS	PayloadCMS 3.84.1	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2025-32423	AutoGPT: There is a DoS vulnerability in ExtractTextInformationBlock_CVE-2025-32423 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there i...	Significant-Gravitas	AutoGPT < 0.6.32	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2025-32394	AutoGPT: There is a DoS vulnerability in AITextSummarizerBlock_CVE-2025-32394 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there i...	Significant-Gravitas	AutoGPT < 0.6.32	Jun 26, 2026	CVE
NONE	B6A66232-7621-	Sql-injection-scanner_B6A66232-7621-5872-A51D-EDDA3F824073 Sql-injection-scanner Developing a security scanning tool that can quickly, reliably, and automatically detect SQL Injection vulnerabilities in web...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
NONE	THN:7A6FC6E72B7...	Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign_THN:7A6FC6E72B7906A66B33E84A6B61E75E ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHsYcZgd4WIkN0k-b4_j7JxBgi0R0dzj0jSwSWVgItyIy88VoZK5z8BAiwjmYnou7YLrNuckCgQvnHXV2KYH...	N/A	N/A	Jun 26, 2026	THN
NONE	H1:3823932	curl: CURLOPT_HAPROXY_CLIENT_IP lacks input validation, enabling HAProxy PROXY protocol injection_H1:3823932 Summary The CURLOPT_HAPROXY_CLIENT_IP option accepts an arbitrary string without validating that it is a valid IP address, and without stripping...	N/A	N/A	Jun 25, 2026	HACKERONE
NONE	H1:3826199	curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0_H1:3826199 ## Summary When an application sets `CURLOPT_SSL_VERIFYPEER=0` while keeping `CURLOPT_SSL_VERIFYHOST=2` (the default), the mbedTLS, wolfSSL, and r...	N/A	N/A	Jun 26, 2026	HACKERONE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add_CVE-2026-45405

Recent Advisories

SSRF via image import from URL allows internal network probing by authenticated users_CVE-2026-28385

Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled_CVE-2026-13434

PayloadCMS 3.84.1 – Authenticated account lockout bypass through default unlock access_CVE-2026-11779

AutoGPT: There is a DoS vulnerability in ExtractTextInformationBlock_CVE-2025-32423

AutoGPT: There is a DoS vulnerability in AITextSummarizerBlock_CVE-2025-32394

Sql-injection-scanner_B6A66232-7621-5872-A51D-EDDA3F824073

Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign_THN:7A6FC6E72B7906A66B33E84A6B61E75E

curl: CURLOPT_HAPROXY_CLIENT_IP lacks input validation, enabling HAProxy PROXY protocol injection_H1:3823932

curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0_H1:3826199

Protect Your Attack Surface with RedGem

Security Intelligence
Feed