Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

366 New today
67,195 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
53
Jun 27
318
Jun 28
284
Jun 29
427
Jun 30
64
Jul 1
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-57997

Strapi users-permissions – JWT Algorithm Confusion via Missing Algorithm Configuration_CVE-2026-57997

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowin...

strapi strapi CVE
HIGH 7.7 CVE-2026-34592

Coolify: Cross-Team IDOR via Unscoped Server and Project Lookups Exposes SSH Keys and Infrastructure_CVE-2026-34592

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and pro...

coollabsio coolify < 4.0.0-beta.471 CVE
MEDIUM 5.3 CVE-2026-10647

Deadlock denial of service in USB CDC-NCM device class on TX enqueue failure_CVE-2026-10647

The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue() in its ethernet transmit c...

zephyrproject zephyr 4.1.0 CVE
HIGH 7.5 CVE-2026-8023

Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read_CVE-2026-8023

Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYS...

zephyrproject zephyr 4.0.0 CVE
HIGH 8.1 CVE-2026-7656

Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zephyr net stack_CVE-2026-7656

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expr...

zephyrproject zephyr 1.14.0 CVE
CRITICAL 10 745E87EB-2F7B-

Exploit for Improper Control of Dynamically-Managed Code Resources in Kidocode Crawl4Ai_745E87EB-2F7B-5DE3-8689-0B856028F54D

CVE-2026-53753 — Crawl4AI Unauthenticated Remote Code Execution AST Sandbox Escape Pre-authentication RCE in Crawl4AI expression evaluator safeeval...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 964E7791-B2DF-

Exploit for Authentication Bypass by Primary Weakness in Crushftp_964E7791-B2DF-59B8-81F3-BEFC914A712D

CrushFTP 10.8.0 — CVE-2025-31161 Vulnerable Build Pre-built CrushFTP 10.8.0 binary for authorized penetration testing of CVE-2025-31161. !CAUTION T...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 983CAFED-3C66-

Exploit for Authentication Bypass by Primary Weakness in Crushftp_983CAFED-3C66-576E-BB1A-B397A3A030D6

Ansible Role: CrushFTP CVE-2025-31161 Ludus An Ansible Role that deploys a vulnerable CrushFTP 10.8.0 instance on Windows for authorized penetratio...

N/A N/A GITHUBEXPLOIT
NONE 394EC506-B436-

Pentesting-Skill-For-Ai-Agent_394EC506-B436-5307-87F3-9DB6D187E8FE

No description provided...

N/A N/A GITHUBEXPLOIT