Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

54 New today
64,223 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

255
Jun 8
658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
6
Jun 21
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2026-43994

Coturn: Stack buffer overflow in decode_oauth_token_gcm()_CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token...

coturn coturn < 4.10.0 CVE
HIGH 8.3 CVE-2025-15661

libssh2 – Heap Buffer Over-read via sftp_symlink() in sftp.c_CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c tha...

libssh2 libssh2 CVE
CRITICAL 9.1 CVE-2026-49454

Relyra SAML SignatureValue not cryptographically verified -> authentication bypass_CVE-2026-49454

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures beca...

szTheory relyra >= 1.0.0, < 1.2.0 CVE
CRITICAL 10 CVE-2026-49257

mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind_CVE-2026-49257

mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults ...

startreedata mcp-pinot < 3.1.0 CVE
HIGH 7.6 CVE-2026-46699

conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository_CVE-2026-46699

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to...

conda-forge conda-smithy < 3.61.0 CVE
HIGH 8.3 CVE-2026-45696

OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)_CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 t...

AcademySoftwareFoundation openexr >= 3.4.0, < 3.4.11 CVE
LOW 2.3 CVE-2026-8668

Hardcoded credentials in embedded content_CVE-2026-8668

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues.  Queue messages contained ten...

Progress Chef Chef360 CVE
HIGH 8.6 CVE-2026-8100

CVE-2026-8100_CVE-2026-8100

Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions....

Progress Chef Chef360 CVE
CRITICAL 9.8 CVE-2026-54130

M365 Copilot Information Disclosure Vulnerability_CVE-2026-54130

{“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:39.358Z”,&#82...

Microsoft Microsoft 365 Copilot - CVE