Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

299 New today
64,626 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
305
Jun 22
Jun 23
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.6 CVE-2026-54274

AIOHTTP: Incomplete websocket frame payloads bypass memory limits_CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket fr...

aio-libs aiohttp < 3.14.1 CVE
MEDIUM 6.6 CVE-2026-54273

AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit_CVE-2026-54273

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined re...

aio-libs aiohttp < 3.14.1 CVE
HIGH 8.2 CVE-2026-54271

protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names_CVE-2026-54271

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / stati...

protobufjs protobufjs-cli < 1.3.2 CVE
MEDIUM 5.3 CVE-2026-54270

protobufjs: Memory amplification from preserved unknown fields in binary decode_CVE-2026-54270

protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message...

protobufjs protobuf.js >=8.2.0, < 8.5.0 CVE
MEDIUM 5.3 CVE-2026-54269

protobufjs: Schema-derived names can shadow runtime-significant properties_CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names...

protobufjs protobuf.js < 7.6.3 CVE
MEDIUM 5.5 CVE-2026-53632

NTLMv2 hash disclosure via UNC path handling on Windows_CVE-2026-53632

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrar...

vitejs launch-editor < 2.14.1 CVE
HIGH 8.2 CVE-2026-53571

Vite: `server.fs.deny` bypass on Windows alternate paths_CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny ...

vitejs vite >= 8.0.0, < 8.0.16 CVE
LOW 3.7 CVE-2026-53540

Python-Multipart: Negative Content-Length in parse_form buffers the entire body in memory_CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using ...

Kludex python-multipart < 0.0.31 CVE
HIGH 7.5 CVE-2026-53539

Python-Multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service_CVE-2026-53539

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringPar...

Kludex python-multipart < 0.0.30 CVE