Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

286 New today

64,930 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

292

Jun 23

Jun 24

Critical

High

Medium

Low

Latest

CVE CVSS 7.1

Simple Basic Contact Form <= 20250114 - Reflected XSS_CVE-2026-8172

The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit agai...

CVE-2026-8172 Unknown Simple Basic Contact Form

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-8163	Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter_CVE-2026-8163 The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, lead...	Unknown	Infility Global	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-7842	Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter_CVE-2026-7842 The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in...	Unknown	Infility Global	Jun 23, 2026	CVE
HIGH 7.2	CVE-2026-56784	OpenRemote Manager – Cross-Tenant IDOR in Bulk Alarm Deletion_CVE-2026-56784 OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in the removeAlarms() method that allows authenticated ...	openremote	openremote	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-56762	Hono – Missing Cookie Name Validation in setCookie()_CVE-2026-56762 Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing inv...	Hono	Hono	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-56701	Grav – XML External Entity Injection via SVG Upload_CVE-2026-56701 Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers ...	Grav	Grav	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-56376	ImageMagick – Heap Use-After-Free in Meta Coder_CVE-2026-56376 ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written ...	ImageMagick	ImageMagick	Jun 23, 2026	CVE
HIGH 8.7	CVE-2026-56322	Capgo – Information Disclosure via Unauthenticated /updates defaultChannel Parameter_CVE-2026-56322 Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel pa...	Capgo	Capgo	Jun 23, 2026	CVE
CRITICAL 9.3	CVE-2026-56315	picklescan – Remote Code Execution via Unblocked Standard Library Modules_CVE-2026-56315 picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, a...	picklescan	picklescan	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-56301	Nuxt – Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux_CVE-2026-56301 Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abs...	Nuxt	Nuxt 4.0.0	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Simple Basic Contact Form <= 20250114 - Reflected XSS_CVE-2026-8172

Recent Advisories

Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter_CVE-2026-8163

Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter_CVE-2026-7842

OpenRemote Manager – Cross-Tenant IDOR in Bulk Alarm Deletion_CVE-2026-56784

Hono – Missing Cookie Name Validation in setCookie()_CVE-2026-56762

Grav – XML External Entity Injection via SVG Upload_CVE-2026-56701

ImageMagick – Heap Use-After-Free in Meta Coder_CVE-2026-56376

Capgo – Information Disclosure via Unauthenticated /updates defaultChannel Parameter_CVE-2026-56322

picklescan – Remote Code Execution via Unblocked Standard Library Modules_CVE-2026-56315

Nuxt – Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux_CVE-2026-56301

Protect Your Attack Surface with RedGem

Security Intelligence
Feed