Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

224 New today

65,462 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

175

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 1.1

Stored Cross-Site Scripting in Canarytokens.org_CVE-2026-13140

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit ...

CVE-2026-13140 Thinkst Applied Research Canarytokens sha-4116b92cb

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	2DEFD2D9-CD2E-	Exploit for OS Command Injection in Fortinet Fortiweb_2DEFD2D9-CD2E-5E1B-BEAB-3A15FD3493B4 Mô phỏng khai thác FortiWeb CVE-2025-64446 & CVE-2025-58034 Lưu ý: - Tài liệu này chỉ phục vụ mục đích học tập và nghiên cứu bảo mật. - Không sử dụ...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 10	671F5C5A-5DF1-	Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware_671F5C5A-5DF1-5396-BCA3-038841185E26 Mô phỏng khai thác Dahua Authentication Bypass PoC CVE-2021-33044 Tổng quan Camera IP Dahua là thiết bị IoT được sử dụng phổ biến trong các hệ thốn...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 10	FC87C5D8-8FE4-	Exploit for Deserialization of Untrusted Data in Facebook React_FC87C5D8-8FE4-516F-8C86-FF2150B1A826 Mô phỏng khai thác React2Shell CVE-2025-55182 Lưu ý: - Tài liệu này chỉ phục vụ mục đích học tập và nghiên cứu bảo mật. - Không sử dụng để tấn công...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 7.8	1C4C9845-A374-	Exploit for Improper Privilege Management in Enlightenment_1C4C9845-A374-55A0-891B-94D916CABECA CVE-2022-37706 Overview CVE-2022-37706 adalah kerentanan Local Privilege Escalation LPE yang ditemukan pada komponen enlightenmentsys di lingkungan...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 7.6	CVE-2025-71354	picklescan – Remote Code Execution via idlelib.debugobj.ObjectTreeItem.SetText_CVE-2025-71354 picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. At...	picklescan	picklescan	Jun 24, 2026	CVE
HIGH 8.5	CVE-2025-71332	Flowise – SQL Injection in importChatflows API via chatflow.id Parameter_CVE-2025-71332 Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, a...	Flowise	Flowise	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-13163	Lack of input validation in Mailerup input parameter leads to Open Redirect_CVE-2026-13163 Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking endpoint (/c//) in Mailerup	Mailerup	Mailerup	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-12242	AdRotate Banner Manager <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection via 'banner' Shortcode Attribute_CVE-2026-12242 The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' ...	adegans	AdRotate Banner Manager	Jun 24, 2026	CVE
HIGH 8.4	CVE-2026-42450	OpenColorIO vulnerable to stack buffer overflow via unbounded `sscanf %s` in Spi3D (.spi3d) LUT parser_CVE-2026-42450 OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with ...	AcademySoftwareFoundation	OpenColorIO < 2.5.2	Jun 24, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Stored Cross-Site Scripting in Canarytokens.org_CVE-2026-13140

Recent Advisories

Exploit for OS Command Injection in Fortinet Fortiweb_2DEFD2D9-CD2E-5E1B-BEAB-3A15FD3493B4

Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware_671F5C5A-5DF1-5396-BCA3-038841185E26

Exploit for Deserialization of Untrusted Data in Facebook React_FC87C5D8-8FE4-516F-8C86-FF2150B1A826

Exploit for Improper Privilege Management in Enlightenment_1C4C9845-A374-55A0-891B-94D916CABECA

picklescan – Remote Code Execution via idlelib.debugobj.ObjectTreeItem.SetText_CVE-2025-71354

Flowise – SQL Injection in importChatflows API via chatflow.id Parameter_CVE-2025-71332

Lack of input validation in Mailerup input parameter leads to Open Redirect_CVE-2026-13163

AdRotate Banner Manager <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection via 'banner' Shortcode Attribute_CVE-2026-12242

OpenColorIO vulnerable to stack buffer overflow via unbounded `sscanf %s` in Spi3D (.spi3d) LUT parser_CVE-2026-42450

Protect Your Attack Surface with RedGem

Security Intelligence
Feed