Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

46 New today

64,242 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Jun 21

Critical

High

Medium

Low

Latest

GITHUBEXPLOIT CVSS 10

Exploit for Deserialization of Untrusted Data in Facebook React_FF7344F1-411D-55F1-B276-7221215B98DB

CVE-2025-55182 — React2Shell Unauthenticated RCE in React Server Components Author: TYehan --- TL;DR A single unauthenticated HTTP request can execute arbitrary code on the server. The bug lives in how the React Flight protocol deserializes Server...

FF7344F1-411D-55F1-B276-7221215B98DB

Jun 19, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.2	B132E072-36D8-	Exploit for CVE-2026-42530_B132E072-36D8-5390-949D-A06FA9ADC7B5 CVE-2026-42530 Scanner for CVE-2026-42530, a use-after-free in nginx's HTTP/3 module. Affected: nginx 1.31.0, 1.31.1 Fixed: nginx 1.31.2 Usage pip ...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
MEDIUM 6.5	CVE-2026-49359	PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option_CVE-2026-49359 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the...	pontedilana	php-weasyprint < 2.6.0	Jun 19, 2026	CVE
HIGH 7.6	CVE-2026-49290	Slopsmith has path traversal in archive extractors that allows arbitrary file write → potential RCE_CVE-2026-49290 Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a pat...	byrongamatos	slopsmith < 0.2.9-alpha.5	Jun 19, 2026	CVE
HIGH 7.4	CVE-2026-49287	Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction_CVE-2026-49287 Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It a...	statamic	cms < 5.73.23	Jun 19, 2026	CVE
HIGH 8.1	CVE-2026-49286	PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)_CVE-2026-49286 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the...	pontedilana	php-weasyprint < 2.6.0	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-49271	libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder_CVE-2026-49271 libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compress...	strukturag	libheif < 1.22.1	Jun 19, 2026	CVE
HIGH 7.1	CVE-2026-49339	Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user’s playlist_CVE-2026-49339 gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit `6dd71e6a3c966867ef8c900d359a...	sentriz	gonic < 0.21.0	Jun 19, 2026	CVE
MEDIUM 5.5	CVE-2026-49336	@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter_CVE-2026-49336 @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-previe...	microsoft	kiota-typescript >= 1.0.0-preview.97, < 1.0.0-preview.102	Jun 19, 2026	CVE
HIGH 7.5	CVE-2026-49293	CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals_CVE-2026-49293 js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / b...	sunnyadn	js-toml < 1.1.1	Jun 19, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Exploit for Deserialization of Untrusted Data in Facebook React_FF7344F1-411D-55F1-B276-7221215B98DB

Recent Advisories

Exploit for CVE-2026-42530_B132E072-36D8-5390-949D-A06FA9ADC7B5

PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option_CVE-2026-49359

Slopsmith has path traversal in archive extractors that allows arbitrary file write → potential RCE_CVE-2026-49290

Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction_CVE-2026-49287

PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)_CVE-2026-49286

libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder_CVE-2026-49271

Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user’s playlist_CVE-2026-49339

@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter_CVE-2026-49336

CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals_CVE-2026-49293

Protect Your Attack Surface with RedGem

Security Intelligence
Feed