Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

293 New today
66,401 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
53
Jun 27
299
Jun 28
Jun 29
Critical
High
Medium
Low
Latest
CVE CVSS 5.7

OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltration_CVE-2026-44696

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text (markdown) rendering pipeline uses Sanitize::Config::RELAXED[:css] for inline style sanitization. This configuration permits essentially all CSS properties in style attr...

CVE-2026-44696 opf openproject < 17.4.0
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.7 CVE-2026-32833

Cudy LT300 3.0 OS Command Injection via NTP Configuration_CVE-2026-32833

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execu...

Shenzhen Cudy Technology Co., Ltd. LT300 3.0 CVE
MEDIUM 5.3 CVE-2026-29509

Patool < 4.0.5 Path Traversal via safe_extract() Function_CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Pytho...

wummel patool CVE
HIGH 8.5 CVE-2026-54353

Budibase: Potential SSRF DNS rebinding bypass in outbound fetch validation_CVE-2026-54353

Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist...

Budibase budibase < 3.39.9 CVE
CRITICAL 9.6 CVE-2026-54352

Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload_CVE-2026-54352

Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a...

Budibase budibase < 3.39.9 CVE
HIGH 8.2 CVE-2026-54351

Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override_CVE-2026-54351

Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full ...

Budibase budibase < 3.39.9 CVE
CRITICAL 10 CVE-2026-54350

Budibase: Anonymous NoSQL operator injection via published-app query templates_CVE-2026-54350

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of t...

Budibase budibase < 3.39.12 CVE
HIGH 7.5 CVE-2026-52885

Notepad++ TOCTOU: HMAC Checks Disk, Executes from Memory_CVE-2026-52885

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the momen...

notepad-plus-plus notepad-plus-plus < 8.9.6.4 CVE
HIGH 7.8 CVE-2026-52884

Notepad++: CVE-2026-48800 Bypass_CVE-2026-52884

Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the path before checking. It uses...

notepad-plus-plus notepad-plus-plus = 8.9.6.1 CVE
HIGH 8.2 CVE-2026-50137

Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials_CVE-2026-50137

Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id (app_...) and an S3-...

Budibase budibase < 3.39.0 CVE