Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

341 New today
65,686 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
23
Jun 26
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-50016

pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement_CVE-2026-50016

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path tr...

pnpm pnpm < 10.33.4 CVE
HIGH 7.3 CVE-2026-50015

pnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)_CVE-2026-50015

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file...

pnpm pnpm < 10.33.4 CVE
MEDIUM 6.4 CVE-2026-50014

pnpm: Git Fetch Argument Injection via Lockfile resolution.commit_CVE-2026-50014

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- s...

pnpm pnpm < 10.33.4 CVE
HIGH 7.1 CVE-2026-49839

jq –rawfile invalid-state reuse after String too long causes heap-buffer-overflow_CVE-2026-49839

jq is a command-line JSON processor. Prior to 1.8.2,` jq --rawfile` can turn a handled oversized-string error into invalid-state reuse and a real h...

jqlang jq < 1.8.2 CVE
MEDIUM 4.8 CVE-2026-48995

pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile_CVE-2026-48995

pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will in...

pnpm pnpm < 10.33.4 CVE
MEDIUM 6.8 CVE-2026-47770

jq: stack overflow in deep structural equality_CVE-2026-47770

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on j...

jqlang jq < 1.8.2 CVE
HIGH 8.2 CVE-2026-11999

X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()_CVE-2026-11999

X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only ...

wolfSSL wolfSSL 5.7.4 CVE
CRITICAL 10 CVE-2026-57700

WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability_CVE-2026-57700

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from...

Daan.dev OMGF Pro n/a CVE
HIGH 7 CVE-2026-56790

CANBoat – Off-by-One Global Buffer Overflow in searchForPgn()_CVE-2026-56790

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that ...

canboat canboat CVE