Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

162 New today

65,715 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 7.6

picklescan – Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode_CVE-2025-71340

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabl...

CVE-2025-71340 picklescan picklescan

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	CVE-2025-71338	Flowise – Arbitrary File Write to Remote Code Execution via document-store API_CVE-2025-71338 Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to writ...	Flowise	Flowise	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2025-71336	Flowise – Unsandboxed Remote Code Execution via Custom MCP_CVE-2025-71336 Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP fe...	Flowise	Flowise	Jun 25, 2026	CVE
HIGH 8.6	CVE-2025-71335	Flowise – Session Invalidation Failure After Password Change_CVE-2025-71335 Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions and session tokens after a user changes their pas...	Flowise	Flowise	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2025-71334	Flowise – Arbitrary File Access via Missing Chat Flow ID Validation_CVE-2025-71334 Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatf...	Flowise	Flowise	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2025-71333	Flowise – Arbitrary File Upload via Unauthenticated /api/v1/attachments Endpoint_CVE-2025-71333 Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set t...	Flowise	Flowise	Jun 25, 2026	CVE
HIGH 8.7	CVE-2025-71328	Flowise – Unverified Password Change via Account Settings_CVE-2025-71328 Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the acc...	Flowise	Flowise	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2025-71327	Flowise – Authentication Bypass via Unprotected Registration Endpoint_CVE-2025-71327 Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers ...	Flowise	Flowise 3.0.1	Jun 25, 2026	CVE
HIGH 8.7	CVE-2025-71324	Flowise – Arbitrary File Read via chatId Parameter_CVE-2025-71324 Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assist...	Flowise	Flowise	Jun 25, 2026	CVE
MEDIUM 6.1	CVE-2026-40080	Cacti: Open Redirect via HTTP_REFERER substring check in auth_login_redirect_CVE-2026-40080 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring c...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

picklescan – Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode_CVE-2025-71340

Recent Advisories

Flowise – Arbitrary File Write to Remote Code Execution via document-store API_CVE-2025-71338

Flowise – Unsandboxed Remote Code Execution via Custom MCP_CVE-2025-71336

Flowise – Session Invalidation Failure After Password Change_CVE-2025-71335

Flowise – Arbitrary File Access via Missing Chat Flow ID Validation_CVE-2025-71334

Flowise – Arbitrary File Upload via Unauthenticated /api/v1/attachments Endpoint_CVE-2025-71333

Flowise – Unverified Password Change via Account Settings_CVE-2025-71328

Flowise – Authentication Bypass via Unprotected Registration Endpoint_CVE-2025-71327

Flowise – Arbitrary File Read via chatId Parameter_CVE-2025-71324

Cacti: Open Redirect via HTTP_REFERER substring check in auth_login_redirect_CVE-2026-40080

Protect Your Attack Surface with RedGem

Security Intelligence
Feed