Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

299 New today

64,631 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

310

Jun 22

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 7

ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c_CVE-2026-56109

The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array config...

CVE-2026-56109 alsa-project alsa-lib

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-55602	http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass_CVE-2026-55602 http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-ta...	chimurai	http-proxy-middleware >= 4.0.0, < 4.1.0	Jun 22, 2026	CVE
HIGH 8.1	CVE-2026-55388	piscina: Prototype Pollution Gadget → RCE via inherited options.filename_CVE-2026-55388 piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename opt...	piscinajs	piscina < 4.9.3	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-54290	Hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard_CVE-2026-54290 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, with credentials: true and no explicit orig...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 4.8	CVE-2026-54289	Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest_CVE-2026-54289 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a r...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54287	Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice_CVE-2026-54287 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header respon...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 5.9	CVE-2026-54286	Hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)_CVE-2026-54286 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash (%5C...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54285	opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation_CVE-2026-54285 opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract() in @opentelemetry/core does not enforce siz...	open-telemetry	opentelemetry-js < 2.8.0	Jun 22, 2026	CVE
HIGH 7.5	CVE-2026-54283	Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS_CVE-2026-54283 Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form() accepts max_fields and max_part_size to bound resource co...	Kludex	starlette >= 0.4.1, < 1.3.1	Jun 22, 2026	CVE
LOW 3.7	CVE-2026-54282	Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname_CVE-2026-54282 Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request....	Kludex	starlette < 1.3.0	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c_CVE-2026-56109

Recent Advisories

http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass_CVE-2026-55602

piscina: Prototype Pollution Gadget → RCE via inherited options.filename_CVE-2026-55388

Hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard_CVE-2026-54290

Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest_CVE-2026-54289

Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice_CVE-2026-54287

Hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)_CVE-2026-54286

opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation_CVE-2026-54285

Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS_CVE-2026-54283

Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname_CVE-2026-54282

Protect Your Attack Surface with RedGem

Security Intelligence
Feed