Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

56 New today
64,208 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

32
Jun 7
255
Jun 8
658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
47
Jun 20
Critical
High
Medium
Low
Latest
CVE CVSS 8.1

gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host_CVE-2026-49340

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in `ServeCreateOrUpdatePlaylist` allows any authenticated Subsonic user (including non-admin) to write playlist M3U content to an attacker-controlled ab...

CVE-2026-49340 sentriz gonic < 0.21.0
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-49338

Subsonic API: any authenticated user can delete or read any other user’s playlist (IDOR)_CVE-2026-49338

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints `/rest/de...

sentriz gonic < 0.21.0 CVE
MEDIUM 6.5 CVE-2026-27878

Tempo TraceQL query with exemplar hint could result in unbounded memory usage_CVE-2026-27878

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resultin...

Grafana Enterprise Traces (GET) 2.6.1 CVE
MEDIUM 6.3 CVE-2026-12726

Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential_CVE-2026-12726

A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.status...

Red Hat Red Hat Ansible Automation Platform 2 CVE
CRITICAL 10 A52A5B67-31DB-

Exploit for SQL Injection in Sangoma Freepbx_A52A5B67-31DB-5B86-B528-C2F4F2A57FB3

FreePBX 16 — Unauthenticated SQLi to RCE Proof-of-concept exploit chaining two FreePBX vulnerabilities to go from zero access to remote code execut...

N/A N/A GITHUBEXPLOIT
NONE EA26B6D2-E45A-

cortex-plugin-hexstrike_EA26B6D2-E45A-5D45-930B-37F1EE561AD6

Example Plugin Brief one-line description of what this plugin does. Installation bash From marketplace cortex plugin install marketplace:example-pl...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 B7F3888A-67A2-

Exploit for OS Command Injection in Ray_Project Ray_B7F3888A-67A2-5DAE-904A-1F178F5B69DD

CVE-2023-6019 - Anyscale Ray Dashboard Unauthenticated RCE PoC exploit for CVE-2023-6019 — Remote Code Execution via unauthenticated Ray Dashboard ...

N/A N/A GITHUBEXPLOIT
NONE THN:E7B27AF7990...

Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain_THN:E7B27AF79906373961790705D467275B

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIM725Ni41-PBwM_6zXNdsydP1eZO7oSsWIlAqpwdOu9dOcZM6ZI1iaqwSsL3yZKT4lbFRM-eZVq3ARKDbLR...

N/A N/A THN
NONE THN:0B57AAEC379...

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes_THN:0B57AAEC379BB19269BA5F6FA540F390

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjNWtaK_WkFnKnaLTIwg043i_I6YVi5XuZGVzh30SGeK-iutwr6t2Ed3S6Qk0V9uykYueDD5WETtQ4sW1QwG...

N/A N/A THN
NONE 267A765B-AF6E-

PhantomCommits-CTF_267A765B-AF6E-5280-849A-0BDCD33EBD9F

STS-PR-13: Code Review CTF — Writeups Writeups for STS-PR-13: Conduct Security-Focused Code Review with Justification, a 3-challenge CTF built arou...

N/A N/A GITHUBEXPLOIT