Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

51 New today

64,212 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Jun 21

Critical

High

Medium

Low

Latest

CVE CVSS 8.1

Coturn: Stack buffer overflow in decode_oauth_token_gcm()_CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t nonce_len field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy() as t...

CVE-2026-43994 coturn coturn < 4.10.0

Jun 18, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.3	CVE-2025-15661	libssh2 – Heap Buffer Over-read via sftp_symlink() in sftp.c_CVE-2025-15661 libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c tha...	libssh2	libssh2	Jun 18, 2026	CVE
CRITICAL 9.1	CVE-2026-49454	Relyra SAML SignatureValue not cryptographically verified -> authentication bypass_CVE-2026-49454 Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures beca...	szTheory	relyra >= 1.0.0, < 1.2.0	Jun 18, 2026	CVE
CRITICAL 10	CVE-2026-49257	mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind_CVE-2026-49257 mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults ...	startreedata	mcp-pinot < 3.1.0	Jun 18, 2026	CVE
HIGH 7.6	CVE-2026-46699	conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository_CVE-2026-46699 conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to...	conda-forge	conda-smithy < 3.61.0	Jun 18, 2026	CVE
HIGH 8.3	CVE-2026-45696	OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)_CVE-2026-45696 OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 t...	AcademySoftwareFoundation	openexr >= 3.4.0, < 3.4.11	Jun 18, 2026	CVE
LOW 2.3	CVE-2026-8668	Hardcoded credentials in embedded content_CVE-2026-8668 A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained ten...	Progress Chef	Chef360	Jun 18, 2026	CVE
HIGH 8.6	CVE-2026-8100	CVE-2026-8100_CVE-2026-8100 Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions....	Progress Chef	Chef360	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-54130	M365 Copilot Information Disclosure Vulnerability_CVE-2026-54130 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:39.358Z”,&#82...	Microsoft	Microsoft 365 Copilot -	Jun 18, 2026	CVE
HIGH 7.7	CVE-2026-54017	Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal_CVE-2026-54017 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse prox...	open-webui	open-webui < 0.9.6	Jun 18, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Coturn: Stack buffer overflow in decode_oauth_token_gcm()_CVE-2026-43994

Recent Advisories

libssh2 – Heap Buffer Over-read via sftp_symlink() in sftp.c_CVE-2025-15661

Relyra SAML SignatureValue not cryptographically verified -> authentication bypass_CVE-2026-49454

mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind_CVE-2026-49257

conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository_CVE-2026-46699

OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)_CVE-2026-45696

Hardcoded credentials in embedded content_CVE-2026-8668

CVE-2026-8100_CVE-2026-8100

M365 Copilot Information Disclosure Vulnerability_CVE-2026-54130

Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal_CVE-2026-54017

Protect Your Attack Surface with RedGem

Security Intelligence
Feed