Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

57 New today
64,210 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

32
Jun 7
255
Jun 8
658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
49
Jun 20
Critical
High
Medium
Low
Latest
CVE CVSS 4.3

capacitor-native-biometric – Authentication Bypass via Unvalidated CryptoObject in onAuthenticationSucceeded_CVE-2026-56294

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded() function using dynamic instrumentation to bypas...

CVE-2026-56294 capacitor-native-biometric capacitor-native-biometric
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-56282

Capgo – Information Disclosure via Unauthenticated /replication Endpoint_CVE-2026-56282

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQ...

Capgo Capgo CVE
MEDIUM 6 CVE-2026-56276

Flowise – Mass Assignment in PUT /api/v1/user Allows Password Hash Override_CVE-2026-56276

Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify t...

Flowise Flowise CVE
MEDIUM 6.9 CVE-2026-56267

Flowise – PII Disclosure via Unauthenticated Forgot Password Endpoint_CVE-2026-56267

Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user ob...

Flowise Flowise CVE
MEDIUM 6.9 CVE-2026-56235

Capgo – Unauthenticated Cross-Tenant Metrics Disclosure via RPC Functions_CVE-2026-56235

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, get_global_metrics, get...

Cap-go capgo CVE
MEDIUM 6.9 CVE-2026-56228

Capgo – Denial of Service via Improper Password Policy Length Validation_CVE-2026-56228

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated ...

Capgo Capgo CVE
MEDIUM 5.3 CVE-2026-56227

Capgo – Server-Side Request Forgery via Webhook URL Validation_CVE-2026-56227

Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. O...

Capgo Capgo CVE
MEDIUM 6.9 CVE-2026-56218

Capgo – EXIF Metadata Exposure via Image Upload_CVE-2026-56218

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers ...

Capgo Capgo CVE
MEDIUM 5.1 CVE-2025-71331

Flowise – Cross-Site Scripting in Chat Messages and Agent Workflows_CVE-2025-71331

Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent f...

Flowise Flowise CVE
CRITICAL 9.9 CVE-2026-5366

Git Argument Injection in prefecthq/prefect_CVE-2026-5366

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage clas...

prefecthq prefecthq/prefect unspecified CVE