Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

128 New today

64,732 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 7.3

IBM WebSphere Application Server is affected by an authentication bypass vulnerability_CVE-2026-10845

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.

CVE-2026-10845 IBM WebSphere Application Server 8.5.0

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7	CVE-2026-56109	ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c_CVE-2026-56109 The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows ...	alsa-project	alsa-lib	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-55602	http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass_CVE-2026-55602 http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-ta...	chimurai	http-proxy-middleware >= 4.0.0, < 4.1.0	Jun 22, 2026	CVE
HIGH 8.1	CVE-2026-55388	piscina: Prototype Pollution Gadget → RCE via inherited options.filename_CVE-2026-55388 piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename opt...	piscinajs	piscina < 4.9.3	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-54290	Hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard_CVE-2026-54290 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, with credentials: true and no explicit orig...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 4.8	CVE-2026-54289	Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest_CVE-2026-54289 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a r...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54287	Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice_CVE-2026-54287 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header respon...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 5.9	CVE-2026-54286	Hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)_CVE-2026-54286 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash (%5C...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54285	opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation_CVE-2026-54285 opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract() in @opentelemetry/core does not enforce siz...	open-telemetry	opentelemetry-js < 2.8.0	Jun 22, 2026	CVE
HIGH 7.5	CVE-2026-54283	Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS_CVE-2026-54283 Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form() accepts max_fields and max_part_size to bound resource co...	Kludex	starlette >= 0.4.1, < 1.3.1	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

IBM WebSphere Application Server is affected by an authentication bypass vulnerability_CVE-2026-10845

Recent Advisories

ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c_CVE-2026-56109

http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass_CVE-2026-55602

piscina: Prototype Pollution Gadget → RCE via inherited options.filename_CVE-2026-55388

Hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard_CVE-2026-54290

Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest_CVE-2026-54289

Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice_CVE-2026-54287

Hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)_CVE-2026-54286

opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation_CVE-2026-54285

Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS_CVE-2026-54283

Protect Your Attack Surface with RedGem

Security Intelligence
Feed