Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

147 New today
64,446 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
125
Jun 22
Critical
High
Medium
Low
Latest
CVE CVSS 8.3

Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft_CVE-2026-54100

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH...

CVE-2026-54100 Red Hat Red Hat OpenShift Container Platform 4
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-54099

Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters_CVE-2026-54099

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that ...

Red Hat Red Hat OpenShift Container Platform 4 CVE
HIGH 7.7 CVE-2026-42129

Path Traversal in Loki Datasource leads to Internal Information Disclosure_CVE-2026-42129

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin'...

Grafana Grafana OSS CVE
CRITICAL 9.6 CVE-2026-28381

Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT_CVE-2026-28381

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write fil...

Grafana Snowflake Datasource 1.14.7 CVE
LOW 2 CVE-2026-12888

HTML injection in the Canarytoken Google Chat notification_CVE-2026-12888

An HTML injection vulnerability exists in the Google Chat webhook notification  sent by Thinkst Applied Research Canarytokens, enabling Interface M...

Thinkst Applied Research Canarytokens sha-4aef1db90 CVE
HIGH 8.8 CVE-2026-12602

Incorrect permissions in ArubaSign by Aruba_CVE-2026-12602

Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate perm...

Aruba ArubaSign CVE
MEDIUM 5.4 CVE-2026-10601

Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access_CVE-2026-10601

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, ena...

Grafana Grafana OSS 11.6.0 CVE
CRITICAL 10 CVE-2026-10561

Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection_CVE-2026-10561

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass t...

IBM Langflow OSS 1.0.0 CVE
MEDIUM 5.4 CVE-2025-33128

IBM Engineering Lifecycle Management – Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed_CVE-2025-33128

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting....

IBM Engineering Workflow Management 7.0.3 CVE
MEDIUM 6 CVE-2025-2669

Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data._CVE-2025-2669

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform ope...

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 4.8.0 CVE