Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

296 New today

65,924 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

261

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 8.7

Pagekit CMS 1.0.18 Privilege Escalation via UserApiController_CVE-2026-57518

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveActi...

CVE-2026-57518 pagekit pagekit 1.0.18

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-57231	Podman: Malformed Image can trick podman run into leaking host environment variables into the container_CVE-2026-57231 Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a k...	podman-container-tools	podman >= 1.8.1, < 5.8.4	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-56823	AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering_CVE-2026-56823 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /ap...	Significant-Gravitas	AutoGPT < 0.6.64	Jun 26, 2026	CVE
HIGH 8.5	CVE-2026-56663	AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access_CVE-2026-56663 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an auth...	Significant-Gravitas	AutoGPT < 0.6.52	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-55686	Podman: WORKDIR symlink traversal vulnerability_CVE-2026-55686 Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains ...	podman-container-tools	podman >= 3.0.0, < 5.7.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-55677	Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files_CVE-2026-55677 Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches rout...	labstack	echo < 4.15.3	Jun 26, 2026	CVE
CRITICAL 9	CVE-2026-54636	Dokku: OS Command Injection via app.json managed Cron_CVE-2026-54636 Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku ...	dokku	dokku < 0.38.7	Jun 26, 2026	CVE
MEDIUM 6	CVE-2026-48529	GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion_CVE-2026-48529 GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessC...	github	github-mcp-server >= 0.22.0, < 1.1.2	Jun 26, 2026	CVE
CRITICAL 9	CVE-2026-45408	Dokku: OS Command Injection via App Name in Git Pre-Receive Hook_CVE-2026-45408 Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authent...	dokku	dokku < 0.38.2	Jun 26, 2026	CVE
MEDIUM 5	CVE-2026-45407	Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch_CVE-2026-45407 Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the defa...	dokku	dokku < 0.38.2	Jun 26, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Pagekit CMS 1.0.18 Privilege Escalation via UserApiController_CVE-2026-57518

Recent Advisories

Podman: Malformed Image can trick podman run into leaking host environment variables into the container_CVE-2026-57231

AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering_CVE-2026-56823

AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access_CVE-2026-56663

Podman: WORKDIR symlink traversal vulnerability_CVE-2026-55686

Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files_CVE-2026-55677

Dokku: OS Command Injection via app.json managed Cron_CVE-2026-54636

GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion_CVE-2026-48529

Dokku: OS Command Injection via App Name in Git Pre-Receive Hook_CVE-2026-45408

Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch_CVE-2026-45407

Protect Your Attack Surface with RedGem

Security Intelligence
Feed