Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

288 New today
64,608 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
287
Jun 22
Critical
High
Medium
Low
Latest
CVE CVSS 7.1

Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models_CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant featu...

CVE-2026-56424 misp misp
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.4 CVE-2026-56423

MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints_CVE-2026-56423

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection hand...

misp misp CVE
HIGH 8.3 CVE-2026-54100

Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft_CVE-2026-54100

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Window...

Red Hat Red Hat OpenShift Container Platform 4 CVE
HIGH 8.8 CVE-2026-54099

Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters_CVE-2026-54099

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that ...

Red Hat Red Hat OpenShift Container Platform 4 CVE
HIGH 7.7 CVE-2026-42129

Path Traversal in Loki Datasource leads to Internal Information Disclosure_CVE-2026-42129

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin'...

Grafana Grafana OSS CVE
CRITICAL 9.6 CVE-2026-28381

Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT_CVE-2026-28381

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write fil...

Grafana Snowflake Datasource 1.14.7 CVE
LOW 2 CVE-2026-12888

HTML injection in the Canarytoken Google Chat notification_CVE-2026-12888

An HTML injection vulnerability exists in the Google Chat webhook notification  sent by Thinkst Applied Research Canarytokens, enabling Interface M...

Thinkst Applied Research Canarytokens sha-4aef1db90 CVE
HIGH 8.8 CVE-2026-12602

Incorrect permissions in ArubaSign by Aruba_CVE-2026-12602

Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate perm...

Aruba ArubaSign CVE
MEDIUM 5.4 CVE-2026-10601

Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access_CVE-2026-10601

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, ena...

Grafana Grafana OSS 11.6.0 CVE
CRITICAL 10 CVE-2026-10561

Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection_CVE-2026-10561

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass t...

IBM Langflow OSS 1.0.0 CVE