Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

286 New today
64,927 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
289
Jun 23
Jun 24
Critical
High
Medium
Low
Latest
CVE CVSS 8.1

jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)_CVE-2026-54513

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray() allowlists any array type based only on clazz.isArray(...

CVE-2026-54513 FasterXML jackson-databind >= 2.10.0, < 2.18.8
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2026-54512

jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation_CVE-2026-54512

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21....

FasterXML jackson-databind >= 2.10.0, < 2.18.8 CVE
MEDIUM 6.3 CVE-2026-50193

jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()_CVE-2026-50193

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a pot...

FasterXML jackson-databind >= 2.10.0, < 2.14.0 CVE
MEDIUM 5.3 CVE-2026-47382

NocoDB: Server-Side Request Forgery via Database Connection Host_CVE-2026-47382

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP socket to the user-sup...

nocodb nocodb < 2026.05.1 CVE
MEDIUM 6.3 CVE-2026-47380

NocoDB: User Enumeration via Sign-In Timing_CVE-2026-47380

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email add...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 6.9 CVE-2026-47378

NocoDB: Hidden Column Exposure in Public Shared View Endpoints_CVE-2026-47378

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the vi...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 5.1 CVE-2026-47377

NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin_CVE-2026-47377

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace()...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 5.1 CVE-2026-47376

NocoDB: Reflected Cross-Site Scripting via Password Reset Token_CVE-2026-47376

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the password-reset page rendered the URL token directly into a JavaS...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 6 CVE-2026-47375

NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`_CVE-2026-47375

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 6.9 CVE-2026-47279

NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints_CVE-2026-47279

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied...

nocodb nocodb < 2026.05.1 CVE