Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

49 New today

64,210 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Jun 21

Critical

High

Medium

Low

Latest

CVE CVSS 9.1

Relyra SAML SignatureValue not cryptographically verified -> authentication bypass_CVE-2026-49454

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig ...

CVE-2026-49454 szTheory relyra >= 1.0.0, < 1.2.0

Jun 18, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	CVE-2026-49257	mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind_CVE-2026-49257 mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults ...	startreedata	mcp-pinot < 3.1.0	Jun 18, 2026	CVE
HIGH 7.6	CVE-2026-46699	conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository_CVE-2026-46699 conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to...	conda-forge	conda-smithy < 3.61.0	Jun 18, 2026	CVE
HIGH 8.3	CVE-2026-45696	OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)_CVE-2026-45696 OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 t...	AcademySoftwareFoundation	openexr >= 3.4.0, < 3.4.11	Jun 18, 2026	CVE
LOW 2.3	CVE-2026-8668	Hardcoded credentials in embedded content_CVE-2026-8668 A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained ten...	Progress Chef	Chef360	Jun 18, 2026	CVE
HIGH 8.6	CVE-2026-8100	CVE-2026-8100_CVE-2026-8100 Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions....	Progress Chef	Chef360	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-54130	M365 Copilot Information Disclosure Vulnerability_CVE-2026-54130 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:39.358Z”,&#82...	Microsoft	Microsoft 365 Copilot -	Jun 18, 2026	CVE
HIGH 7.7	CVE-2026-54017	Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal_CVE-2026-54017 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse prox...	open-webui	open-webui < 0.9.6	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-49205	phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)_CVE-2026-49205 phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 a...	thorsten	phpMyFAQ < 4.1.4	Jun 18, 2026	CVE
CRITICAL 9.9	CVE-2026-47647	Dynamics 365 Elevation of Privilege Vulnerability_CVE-2026-47647 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:40.084Z”,&#82...	Microsoft	Microsoft Dynamics 365 -	Jun 18, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Relyra SAML SignatureValue not cryptographically verified -> authentication bypass_CVE-2026-49454

Recent Advisories

mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind_CVE-2026-49257

conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository_CVE-2026-46699

OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)_CVE-2026-45696

Hardcoded credentials in embedded content_CVE-2026-8668

CVE-2026-8100_CVE-2026-8100

M365 Copilot Information Disclosure Vulnerability_CVE-2026-54130

Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal_CVE-2026-54017

phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)_CVE-2026-49205

Dynamics 365 Elevation of Privilege Vulnerability_CVE-2026-47647

Protect Your Attack Surface with RedGem

Security Intelligence
Feed