Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

262 New today
64,882 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
244
Jun 23
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.6 CVE-2026-54317

Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN_CVE-2026-54317

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration regi...

home-assistant core < 2026.6.0 CVE
CRITICAL 9 CVE-2026-54157

LobeHub: Unauthenticated SSRF in `/webapi/proxy`_CVE-2026-54157

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy e...

lobehub lobehub < 2.1.57 CVE
CRITICAL 9.6 CVE-2026-53662

immich: One-click account takeover via XSS in login page continue redirect_CVE-2026-53662

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting ...

immich-app immich >= main@4ffa26c9, < main@4eb1003 CVE
MEDIUM 4.2 CVE-2026-52846

Caddy: stripHTML template function bypass_CVE-2026-52846

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HT...

caddyserver caddy < 2.11.4 CVE
HIGH 8.1 CVE-2026-52845

Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`_CVE-2026-52845

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied ident...

caddyserver caddy < 2.11.4 CVE
HIGH 7.5 CVE-2026-52844

Caddy: Windows `file_server` path authorization bypass via encoded backslash_CVE-2026-52844

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outs...

caddyserver caddy < 2.11.4 CVE
MEDIUM 5.4 CVE-2026-45692

Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization_CVE-2026-45692

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer d...

caddyserver caddy >= 2.4.0, < 2.11.3 CVE
HIGH 8.1 CVE-2026-45135

Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files_CVE-2026-45135

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/r...

caddyserver caddy >= 2.7.0, < 2.11.3 CVE
MEDIUM 4.1 CVE-2026-0864

Configuration Injection via Carriage Return (\r) in write() method_CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the result...

Python Software Foundation CPython CVE