Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

293 New today
64,608 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
287
Jun 22
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-54276

AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges_CVE-2026-54276

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication re...

aio-libs aiohttp < 3.14.1 CVE
LOW 2.7 CVE-2026-54275

AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections_CVE-2026-54275

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed ...

aio-libs aiohttp < 3.14.1 CVE
MEDIUM 6.6 CVE-2026-54274

AIOHTTP: Incomplete websocket frame payloads bypass memory limits_CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket fr...

aio-libs aiohttp < 3.14.1 CVE
MEDIUM 6.6 CVE-2026-54273

AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit_CVE-2026-54273

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined re...

aio-libs aiohttp < 3.14.1 CVE
HIGH 8.2 CVE-2026-54271

protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names_CVE-2026-54271

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / stati...

protobufjs protobufjs-cli < 1.3.2 CVE
MEDIUM 5.3 CVE-2026-54270

protobufjs: Memory amplification from preserved unknown fields in binary decode_CVE-2026-54270

protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message...

protobufjs protobuf.js >=8.2.0, < 8.5.0 CVE
MEDIUM 5.3 CVE-2026-54269

protobufjs: Schema-derived names can shadow runtime-significant properties_CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names...

protobufjs protobuf.js < 7.6.3 CVE
MEDIUM 5.5 CVE-2026-53632

NTLMv2 hash disclosure via UNC path handling on Windows_CVE-2026-53632

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrar...

vitejs launch-editor < 2.14.1 CVE
HIGH 8.2 CVE-2026-53571

Vite: `server.fs.deny` bypass on Windows alternate paths_CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny ...

vitejs vite >= 8.0.0, < 8.0.16 CVE