Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

227 New today
66,926 Total advisories

Daily Security Trends (Last 14 Days)

[Chart: daily values for Jun 17 through Jun 30; legend: Critical, High, Medium, Low]

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-57953

Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write ...

its-a-feature Mythic CVE
MEDIUM 6 CVE-2026-57952

Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID

Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_ru...

its-a-feature Mythic CVE
HIGH 7.1 CVE-2026-57951

Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken Hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypas...

its-a-feature Mythic CVE
HIGH 8.6 CVE-2026-57950

ruoyi-vue-pro – Incorrect Permission Namespace in ErpSaleOrderController

ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70, contains a broken access control vulnerability in ErpSaleOrderController that allows attacke...

Yunai ruoyi-vue-pro CVE
HIGH 7.1 CVE-2026-57949

ruoyi-vue-pro – Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follo...

Yunai ruoyi-vue-pro CVE
HIGH 7.6 CVE-2026-57948

Pinpoint – Insecure Session Cookie Attributes in pinpointJwt

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie...

pinpoint-apm pinpoint CVE
MEDIUM 6.3 CVE-2026-57947

Pinpoint – Server-Side Request Forgery via Alarm Webhook Registration

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to...

pinpoint-apm pinpoint CVE
MEDIUM 6.3 CVE-2026-57946

Invidious – Private Playlist Disclosure via Unauthenticated RSS Feed Endpoint

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private play...

iv-org Invidious CVE
MEDIUM 5.3 CVE-2026-57945

PhotoPrism – Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint

PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' ...

photoprism photoprism CVE