Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

227 New today

64,835 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

197

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

Capgo – Denial of Service via Unlimited Demo App Creation_CVE-2026-56255

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this end...

CVE-2026-56255 Capgo Capgo

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-56221	Cap-go – SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts_CVE-2026-56221 Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are in...	Cap-go	capgo	Jun 22, 2026	CVE
HIGH 7.6	CVE-2026-55409	Filament: Disabled RichEditor field state can be used for XSS_CVE-2026-55409 Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendere...	filamentphp	filament >= 3.0.0, < 3.3.53	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-54911	UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()_CVE-2026-54911 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or uj...	ultrajson	ultrajson < 5.13.0	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-54281	Nest: Middleware Bypass on Fastify via Trailing Slash_CVE-2026-54281 Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nes...	nestjs	nest < 11.1.24	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48517	MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments_CVE-2026-48517 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePa...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48516	MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings_CVE-2026-48516 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with ...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48515	MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions_CVE-2026-48515 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dim...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48514	MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length_CVE-2026-48514 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48513	MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement_CVE-2026-48513 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionRes...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Capgo – Denial of Service via Unlimited Demo App Creation_CVE-2026-56255

Recent Advisories

Cap-go – SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts_CVE-2026-56221

Filament: Disabled RichEditor field state can be used for XSS_CVE-2026-55409

UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()_CVE-2026-54911

Nest: Middleware Bypass on Fastify via Trailing Slash_CVE-2026-54281

MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments_CVE-2026-48517

MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings_CVE-2026-48516

MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions_CVE-2026-48515

MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length_CVE-2026-48514

MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement_CVE-2026-48513

Protect Your Attack Surface with RedGem

Security Intelligence
Feed