Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

452 New today
63,801 Total advisories

[Chart: Daily Security Trends (Last 14 Days); series: Critical, High, Medium, Low]

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.5 CVE-2026-48991

XianYuLauncher: Legacy Microsoft account OAuth sign-in flow lacks PKCE and state validation

XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentication artifacts could be exposed during a user-...

XianYuLauncher XianYuLauncher < 1.5.5 CVE
MEDIUM 5.3 CVE-2026-48990

joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 throu...

authlib joserfc < 1.6.7 CVE
HIGH 8.9 CVE-2026-48989

Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS

Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP contro...

CursorTouch Windows-MCP < 0.7.5 CVE
MEDIUM 6.3 CVE-2026-48820

CakePHP: View::element() is missing a path containment check

CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, a...

cakephp cakephp >= 5.3.0, < 5.3.6 CVE
HIGH 8.4 CVE-2026-12530

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 m...

AWS bedrock-agentcore 1.1.3 CVE
MEDIUM 6.9 CVE-2026-54533

vantage6 node has an Improper Access Control issue

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access othe...

vantage6 vantage6 < 5.0.0 CVE
MEDIUM 6.9 CVE-2026-54445

Vantage6: Set admin user and password from environment or configuration

vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username `root` and...

vantage6 vantage6 < 5.0.0 CVE
LOW 1.9 CVE-2026-50268

Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configurat...

SteeltoeOSS Steeltoe.Configuration.Encryption >= 4.0.0, < 4.2.0 CVE
MEDIUM 4.7 CVE-2026-50267

Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configurat...

SteeltoeOSS Steeltoe.Configuration.Abstractions >= 4.0.0, < 4.2.0 CVE