Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

362 New today

66,046 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

383

Jun 26

Jun 27

Critical

High

Medium

Low

Latest

CVE CVSS 5.5

Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend_CVE-2026-44018

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft...

CVE-2026-44018 docling-project docling >= 2.45.0, < 2.91.0

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.4	CVE-2026-12411	Broken Access Control in Canonical LXD DevLXD API_CVE-2026-12411 Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another ...	Canonical	lxd 6.6	Jun 26, 2026	CVE
HIGH 8.7	CVE-2026-57518	Pagekit CMS 1.0.18 Privilege Escalation via UserApiController_CVE-2026-57518 Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escala...	pagekit	pagekit 1.0.18	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-57231	Podman: Malformed Image can trick podman run into leaking host environment variables into the container_CVE-2026-57231 Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a k...	podman-container-tools	podman >= 1.8.1, < 5.8.4	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-56823	AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering_CVE-2026-56823 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /ap...	Significant-Gravitas	AutoGPT < 0.6.64	Jun 26, 2026	CVE
HIGH 8.5	CVE-2026-56663	AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access_CVE-2026-56663 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an auth...	Significant-Gravitas	AutoGPT < 0.6.52	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-55686	Podman: WORKDIR symlink traversal vulnerability_CVE-2026-55686 Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains ...	podman-container-tools	podman >= 3.0.0, < 5.7.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-55677	Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files_CVE-2026-55677 Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches rout...	labstack	echo < 4.15.3	Jun 26, 2026	CVE
CRITICAL 9	CVE-2026-54636	Dokku: OS Command Injection via app.json managed Cron_CVE-2026-54636 Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku ...	dokku	dokku < 0.38.7	Jun 26, 2026	CVE
MEDIUM 6	CVE-2026-48529	GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion_CVE-2026-48529 GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessC...	github	github-mcp-server >= 0.22.0, < 1.1.2	Jun 26, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend_CVE-2026-44018

Recent Advisories

Broken Access Control in Canonical LXD DevLXD API_CVE-2026-12411

Pagekit CMS 1.0.18 Privilege Escalation via UserApiController_CVE-2026-57518

Podman: Malformed Image can trick podman run into leaking host environment variables into the container_CVE-2026-57231

AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering_CVE-2026-56823

AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access_CVE-2026-56663

Podman: WORKDIR symlink traversal vulnerability_CVE-2026-55686

Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files_CVE-2026-55677

Dokku: OS Command Injection via app.json managed Cron_CVE-2026-54636

GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion_CVE-2026-48529

Protect Your Attack Surface with RedGem

Security Intelligence
Feed