Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

289 New today
65,553 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
266
Jun 25
Critical
High
Medium
Low
Latest
CVE CVSS 6.1

chrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing roots_CVE-2026-53766

Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath() enforces workspace roots by checking whether path.resolve(filePath) textually falls under one of the configured...

CVE-2026-53766 ChromeDevTools chrome-devtools-mcp >= 0.24.0, < 1.1.0
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.1 CVE-2026-53765

chrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directory_CVE-2026-53765

Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chr...

ChromeDevTools chrome-devtools-mcp >= 0.20.0, < 1.1.0 CVE
HIGH 7.5 CVE-2026-52794

Sentry: Inefficient Regular Expression Complexity in sentry_CVE-2026-52794

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability...

getsentry sentry >= 24.4.0, < 26.5.2 CVE
CRITICAL 9.9 CVE-2026-50551

SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content_CVE-2026-50551

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in...

siyuan-note siyuan < 3.7.0 CVE
HIGH 8.9 CVE-2026-50189

Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route_CVE-2026-50189

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC inter...

appsmithorg appsmith < 2.1 CVE
HIGH 7.1 CVE-2026-47110

Tiptap for PHP < 2.1.1 DoS via Malformed href Attribute_CVE-2026-47110

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by ...

ueberdosis tiptap-php CVE
MEDIUM 6.5 CVE-2026-10642

Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control_CVE-2026-10642

The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) contains an unbounded software loop in pl011_irq_tx_enable() that repeatedly invokes the...

zephyrproject zephyr 4.1.0 CVE
HIGH 7.8 CVE-2026-10043

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability_CVE-2026-10043

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbi...

MosaicML Composer 0.32.1 CVE
CRITICAL 9.1 75711BFE-8B18-

Exploit for CVE-2026-56111_75711BFE-8B18-55AC-A70F-7ACF021EFAE2

CVE-2026-56111 - Marlin M421 Out-of-bounds Write Proof of concept for CVE-2026-56111, an out-of-bounds write in the M421 G-code handler of Marlin F...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 MSF:AUXILIARY-SCANNER-

BerriAI LiteLLM Proxy Pre-Auth SQL Injection Scanner_MSF:AUXILIARY-SCANNER-HTTP-LITELLM_PROXY_SQLI-

This module detects BerriAI LiteLLM proxy servers affected by CVE-2026-42208, an unauthenticated SQL injection. During API-key verification the pro...

N/A N/A METASPLOIT