Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

153 New today
66,071 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
22
Jun 27
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-48619

CVE-2026-48619_CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the cli...

nodejs node 22.22.3 CVE
HIGH 7.7 CVE-2026-48618

CVE-2026-48618_CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due t...

nodejs node 22.22.3 CVE
MEDIUM 5.9 CVE-2026-48615

CVE-2026-48615_CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are em...

nodejs node 22.22.3 CVE
MEDIUM 4.8 CVE-2026-8661

Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin_CVE-2026-8661

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plug...

Rapid7 InsightConnect Markdown Plugin CVE
MEDIUM 6.5 CVE-2026-13226

Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter_CVE-2026-13226

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter i...

trainingbusinesspros Groundhogg — CRM, Newsletters, and Marketing Automation CVE
HIGH 8.8 921E88F8-3925-

Exploit for CVE-2026-43503_921E88F8-3925-519D-9067-4928D48E9B4D

CVE-2026-43503 — DirtyClone Linux local privilege escalation. A cloned skbuff loses the SKBFLSHAREDFRAG flag, so ESP in-place decryption writes int...

N/A N/A GITHUBEXPLOIT
NONE 1BF0634C-CE51-

Binary-Exploitation-and-Reverse-Engineering_1BF0634C-CE51-5BC4-9278-E457B1143B09

Binary Exploitation & Reverse Engineering Lab Hands-on memory-corruption exploitation and reverse engineering. Three escalating exploitation challe...

N/A N/A GITHUBEXPLOIT
NONE MSSECURE:AA575A...

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access_MSSECURE:AA575A60004644ACAFBF2293B2100746

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligen...

N/A N/A MSSECURE
HIGH 7.1 CVE-2026-40941

Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages_CVE-2026-40941

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass all...

Cacti cacti < 1.2.31 CVE