Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

227 New today

64,835 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

197

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback_CVE-2026-56694

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wi...

CVE-2026-56694 nanocoai nanoclaw

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.8	CVE-2026-56693	NanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System Action_CVE-2026-56693 NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-d...	nanocoai	nanoclaw	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-56692	NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles_CVE-2026-56692 NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate hos...	nanocoai	nanoclaw	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-56402	NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler_CVE-2026-56402 NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role au...	nanocoai	nanoclaw	Jun 23, 2026	CVE
MEDIUM 5.8	CVE-2026-55767	Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle_CVE-2026-55767 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-pad...	guzzle	guzzle < 7.12.1	Jun 23, 2026	CVE
MEDIUM 4.8	CVE-2026-55766	guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization_CVE-2026-55766 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain ...	guzzle	psr7 < 2.12.1	Jun 23, 2026	CVE
MEDIUM 5.9	CVE-2026-55568	Guzzle: Silent HTTPS-Proxy Downgrade to Cleartext_CVE-2026-55568 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the prox...	guzzle	guzzle < 7.12.1	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-54314	n8n: Denial of Service via ZIP decompression in webhook workflow_CVE-2026-54314 n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archi...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54313	n8n: NoSQL Injection in MongoDB Node Find And Replace Operation_CVE-2026-54313 n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filte...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE
HIGH 7.2	CVE-2026-54312	n8n: Microsoft SQL Node Prototype Pollution_CVE-2026-54312 n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achi...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback_CVE-2026-56694

Recent Advisories

NanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System Action_CVE-2026-56693

NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles_CVE-2026-56692

NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler_CVE-2026-56402

Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle_CVE-2026-55767

guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization_CVE-2026-55766

Guzzle: Silent HTTPS-Proxy Downgrade to Cleartext_CVE-2026-55568

n8n: Denial of Service via ZIP decompression in webhook workflow_CVE-2026-54314

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation_CVE-2026-54313

n8n: Microsoft SQL Node Prototype Pollution_CVE-2026-54312

Protect Your Attack Surface with RedGem

Security Intelligence
Feed