Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

287 New today
64,930 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
292
Jun 23
Jun 24
Critical
High
Medium
Low
Latest
CVE CVSS 10

FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions_CVE-2026-27604

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged `/api/system/*` endpoints. Because `system` resolves to t...

CVE-2026-27604 FOSSBilling FOSSBilling >= 0.5.4, < 0.8.0
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
NONE THN:70DA639E50D...

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents_THN:70DA639E50D29B870448D12D6323F7DF

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb14v3ddlfpybc15jRbk-cwHI-0S8BAzdp8Ix83L5ZCZ4AB8gCySG7J4tZr4od9q3Jbuic1a4J29VAvRcdSQ...

N/A N/A THN
NONE THN:5382CB6B456...

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration_THN:5382CB6B456E3DF10A48275317E6FC76

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoC7KFWoDGkSi-UzAyKNUkw-Ogs4oy2tCOAYXiYAAkqEUC1WMotLAE1GUwoWApfXK3prWVctTP05aLGjru0h...

N/A N/A THN
MEDIUM 5.3 CVE-2026-56696

OpenHarness – Prompt Injection via /issue and /pr_comments Slash Commands_CVE-2026-56696

OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-contro...

HKUDS OpenHarness CVE
HIGH 7.1 CVE-2026-56695

OpenHarness – Cross-Session Disclosure via /resume and /summary Commands_CVE-2026-56695

OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and lo...

HKUDS OpenHarness CVE
MEDIUM 5.3 CVE-2026-56694

NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback_CVE-2026-56694

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse f...

nanocoai nanoclaw CVE
MEDIUM 6.8 CVE-2026-56693

NanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System Action_CVE-2026-56693

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-d...

nanocoai nanoclaw CVE
MEDIUM 6.8 CVE-2026-56692

NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles_CVE-2026-56692

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate hos...

nanocoai nanoclaw CVE
HIGH 7.1 CVE-2026-56402

NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler_CVE-2026-56402

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role au...

nanocoai nanoclaw CVE
MEDIUM 5.8 CVE-2026-55767

Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle_CVE-2026-55767

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-pad...

guzzle guzzle < 7.12.1 CVE