Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

324 New today

65,969 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

306

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 7.7

CVE-2026-48618_CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended securi...

CVE-2026-48618 nodejs node 22.22.3

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.9	CVE-2026-48615	CVE-2026-48615_CVE-2026-48615 A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are em...	nodejs	node 22.22.3	Jun 26, 2026	CVE
MEDIUM 4.8	CVE-2026-8661	Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin_CVE-2026-8661 Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plug...	Rapid7	InsightConnect Markdown Plugin	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-13226	Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter_CVE-2026-13226 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter i...	trainingbusinesspros	Groundhogg — CRM, Newsletters, and Marketing Automation	Jun 26, 2026	CVE
HIGH 8.8	921E88F8-3925-	Exploit for CVE-2026-43503_921E88F8-3925-519D-9067-4928D48E9B4D CVE-2026-43503 — DirtyClone Linux local privilege escalation. A cloned skbuff loses the SKBFLSHAREDFRAG flag, so ESP in-place decryption writes int...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
NONE	1BF0634C-CE51-	Binary-Exploitation-and-Reverse-Engineering_1BF0634C-CE51-5BC4-9278-E457B1143B09 Binary Exploitation & Reverse Engineering Lab Hands-on memory-corruption exploitation and reverse engineering. Three escalating exploitation challe...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
NONE	MSSECURE:AA575A...	Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access_MSSECURE:AA575A60004644ACAFBF2293B2100746 In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligen...	N/A	N/A	Jun 25, 2026	MSSECURE
HIGH 7.1	CVE-2026-40941	Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages_CVE-2026-40941 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass all...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-40084	Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter_CVE-2026-40084 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report ...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE
HIGH 7.2	CVE-2026-40083	Cacti: SQL Injection in managers.php_CVE-2026-40083 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+im...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

CVE-2026-48618_CVE-2026-48618

Recent Advisories

CVE-2026-48615_CVE-2026-48615

Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin_CVE-2026-8661

Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter_CVE-2026-13226

Exploit for CVE-2026-43503_921E88F8-3925-519D-9067-4928D48E9B4D

Binary-Exploitation-and-Reverse-Engineering_1BF0634C-CE51-5BC4-9278-E457B1143B09

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access_MSSECURE:AA575A60004644ACAFBF2293B2100746

Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages_CVE-2026-40941

Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter_CVE-2026-40084

Cacti: SQL Injection in managers.php_CVE-2026-40083

Protect Your Attack Surface with RedGem

Security Intelligence
Feed