Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

87 New today

64,299 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Jun 21

Critical

High

Medium

Low

Latest

CVE CVSS 8.6

Craft CMS – Remote Code Execution via Missing Config Sanitization in FieldsController_CVE-2026-56382

Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview() method, which passes the fieldLayoutConfig POST parameter directly to Fields::createLayout() without calli...

CVE-2026-56382 craftcms cms 5.5.0

Jun 21, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.6	CVE-2026-56381	Craft CMS – Stored XSS via User Group Name in User Permissions Page_CVE-2026-56381 Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rende...	craftcms	cms 5.0.0-RC1	Jun 21, 2026	CVE
MEDIUM 6.3	CVE-2026-56378	ImageMagick – Heap Out-of-Bounds Read in PCD Decoder_CVE-2026-56378 ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file c...	ImageMagick	ImageMagick	Jun 21, 2026	CVE
MEDIUM 6.3	CVE-2026-56367	ImageMagick – Heap Out-of-Bounds Read in PSB RLE Decoding_CVE-2026-56367 ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in cod...	ImageMagick	ImageMagick	Jun 21, 2026	CVE
MEDIUM 6.9	CVE-2026-56316	Cap-go – Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/_CVE-2026-56316 Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/ endpoint that allows unauthenticated ...	Cap-go	capgo	Jun 21, 2026	CVE
MEDIUM 6.9	CVE-2026-56299	Capgo – Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint_CVE-2026-56299 Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows unauthenticated attackers ...	Capgo	Capgo	Jun 21, 2026	CVE
CRITICAL 9.3	CVE-2026-56265	Crawl4AI – Authentication Bypass via Hardcoded JWT Signing Key_CVE-2026-56265 Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attacker...	Crawl4AI	Crawl4AI	Jun 21, 2026	CVE
HIGH 8.7	CVE-2026-56253	Capgo – Unauthenticated Organization Member Email Disclosure via get_org_members RPC_CVE-2026-56253 Capgo before 12.128.2 contains an improper access control vulnerability in the public.get_org_members RPC function that allows unauthenticated atta...	Capgo	Capgo	Jun 21, 2026	CVE
HIGH 7	CVE-2026-56251	Capgo – Privilege Escalation via Broken Row Level Security in org_users_CVE-2026-56251 Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from...	Capgo	Capgo	Jun 21, 2026	CVE
HIGH 8.7	CVE-2026-56242	Capgo – Unauthenticated API Key Validity Oracle and User Identity Disclosure via get_identity_apikey_only RPC_CVE-2026-56242 Capgo before 12.128.2 contains an unauthenticated security definer RPC function get_identity_apikey_only that returns the owning user_id for suppli...	Capgo	Capgo	Jun 21, 2026	CVE

Security Intelligence
Feed

Daily Security Trends (Last 14 Days)

Craft CMS – Remote Code Execution via Missing Config Sanitization in FieldsController_CVE-2026-56382

Recent Advisories

Craft CMS – Stored XSS via User Group Name in User Permissions Page_CVE-2026-56381

ImageMagick – Heap Out-of-Bounds Read in PCD Decoder_CVE-2026-56378

ImageMagick – Heap Out-of-Bounds Read in PSB RLE Decoding_CVE-2026-56367

Cap-go – Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*_CVE-2026-56316

Capgo – Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint_CVE-2026-56299

Crawl4AI – Authentication Bypass via Hardcoded JWT Signing Key_CVE-2026-56265

Capgo – Unauthenticated Organization Member Email Disclosure via get_org_members RPC_CVE-2026-56253

Capgo – Privilege Escalation via Broken Row Level Security in org_users_CVE-2026-56251

Capgo – Unauthenticated API Key Validity Oracle and User Identity Disclosure via get_identity_apikey_only RPC_CVE-2026-56242

Protect Your Attack Surface with RedGem

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Craft CMS – Remote Code Execution via Missing Config Sanitization in FieldsController_CVE-2026-56382

Recent Advisories

Craft CMS – Stored XSS via User Group Name in User Permissions Page_CVE-2026-56381

ImageMagick – Heap Out-of-Bounds Read in PCD Decoder_CVE-2026-56378

ImageMagick – Heap Out-of-Bounds Read in PSB RLE Decoding_CVE-2026-56367

Cap-go – Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*_CVE-2026-56316

Capgo – Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint_CVE-2026-56299

Crawl4AI – Authentication Bypass via Hardcoded JWT Signing Key_CVE-2026-56265

Capgo – Unauthenticated Organization Member Email Disclosure via get_org_members RPC_CVE-2026-56253

Capgo – Privilege Escalation via Broken Row Level Security in org_users_CVE-2026-56251

Capgo – Unauthenticated API Key Validity Oracle and User Identity Disclosure via get_identity_apikey_only RPC_CVE-2026-56242

Protect Your Attack Surface with RedGem

Security Intelligence
Feed