Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

52 New today
64,217 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

255
Jun 8
658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
Jun 21
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.5 CVE-2026-25865

Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec_CVE-2026-25865

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by ex...

Yandex Punto Switcher CVE
CRITICAL 9.9 CVE-2026-49252

deepstream is vulnerable to prototype pollution_CVE-2026-49252

deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are v...

deepstreamIO deepstream.io < 10.0.5 CVE
HIGH 8.3 CVE-2026-49248

OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar_CVE-2026-49248

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar() creates symbolic links verbatim from TAR en...

theonedev onedev < 15.0.7 CVE
MEDIUM 6.1 CVE-2026-44663

OpenEXR: Integer overflow in the HTJ2K decoder leads to heap-buffer-overflow_CVE-2026-44663

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 t...

AcademySoftwareFoundation openexr >= 3.4.0, < 3.4.11 CVE
HIGH 8.1 CVE-2026-43994

Coturn: Stack buffer overflow in decode_oauth_token_gcm()_CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token...

coturn coturn < 4.10.0 CVE
HIGH 8.3 CVE-2025-15661

libssh2 – Heap Buffer Over-read via sftp_symlink() in sftp.c_CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c tha...

libssh2 libssh2 CVE
CRITICAL 9.1 CVE-2026-49454

Relyra SAML SignatureValue not cryptographically verified -> authentication bypass_CVE-2026-49454

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures beca...

szTheory relyra >= 1.0.0, < 1.2.0 CVE
CRITICAL 10 CVE-2026-49257

mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind_CVE-2026-49257

mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults ...

startreedata mcp-pinot < 3.1.0 CVE
HIGH 7.6 CVE-2026-46699

conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository_CVE-2026-46699

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to...

conda-forge conda-smithy < 3.61.0 CVE