Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

93 New today

64,177 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 7

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

YARD static cache reads raw traversal paths before router sanitization_CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as `/../yard-cache...

CVE-2026-49342 lsegal yard < 0.9.44

Jun 19, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.4	CVE-2026-48787	gin-vue-admin vulnerable to RCE_CVE-2026-48787 gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature ...	flipped-aurora	gin-vue-admin = 2.9.1	Jun 19, 2026	CVE
HIGH 7.5	CVE-2026-48774	ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract_CVE-2026-48774 ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP `run_sql_readonly` tool v...	sysown	proxysql >= 3.0.6, < 3.0.9	Jun 19, 2026	CVE
CRITICAL 9.8	CVE-2026-48773	ProxySQL pre-auth heap overflow in MySQL and PostgreSQL first-packet handling_CVE-2026-48773 ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption ...	sysown	proxysql >= 2.0.18, < 3.0.9	Jun 19, 2026	CVE
CRITICAL 10	CVE-2026-48772	ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL_CVE-2026-48772 ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the `PROXY...	sysown	proxysql >= 2.0.0, < 3.0.9	Jun 19, 2026	CVE
HIGH 7.7	CVE-2026-48715	radvdump’s Route Information Option Parser has a Stack Buffer Overflow_CVE-2026-48715 radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow ...	radvd-project	radvdump < 2.21	Jun 19, 2026	CVE
HIGH 7.1	CVE-2026-48089	DevGuard has improper authorization on public assets_CVE-2026-48089 DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public a...	l3montree-dev	devguard < 1.4.2	Jun 19, 2026	CVE
HIGH 7.5	CVE-2026-50559	Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities_CVE-2026-50559 Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20....	quarkusio	quarkus >= 3.36.0, < 3.36.3	Jun 19, 2026	CVE
HIGH 7.1	CVE-2026-49346	libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow_CVE-2026-49346 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and...	strukturag	libde265 < 1.1.0	Jun 19, 2026	CVE
MEDIUM 4.3	CVE-2026-49337	libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL`_CVE-2026-49337 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_...	strukturag	libde265 < 1.0.20	Jun 19, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

YARD static cache reads raw traversal paths before router sanitization_CVE-2026-49342

Recent Advisories

gin-vue-admin vulnerable to RCE_CVE-2026-48787

ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract_CVE-2026-48774

ProxySQL pre-auth heap overflow in MySQL and PostgreSQL first-packet handling_CVE-2026-48773

ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL_CVE-2026-48772

radvdump’s Route Information Option Parser has a Stack Buffer Overflow_CVE-2026-48715

DevGuard has improper authorization on public assets_CVE-2026-48089

Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities_CVE-2026-50559

libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow_CVE-2026-49346

libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL`_CVE-2026-49337

Protect Your Attack Surface with RedGem

Security Intelligence
Feed