Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

61 New today
66,420 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

[Chart: daily totals for Jun 16 to Jun 29; series: Critical, High, Medium, Low]

Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.9 CVE-2026-58053

Gitea act_runner – Container Hardening Bypass via Workflow Container Options (CVE-2026-58053)

Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfi...

Gitea act_runner CVE
LOW 3.3 CVE-2026-58052

7-Zip – Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision (CVE-2026-58052)

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an ...

7-Zip 7-Zip CVE
MEDIUM 6.5 CVE-2026-58051

libssh2 – Free of Uninitialized Pointer in publickey List Cleanup (CVE-2026-58051)

libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a pars...

libssh2 libssh2 CVE
HIGH 7 CVE-2026-58050

libssh2 – Integer Overflow in publickey Subsystem Attribute Allocation (CVE-2026-58050)

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_at...

libssh2 libssh2 CVE
HIGH 8.6 CVE-2026-58049

FFmpeg – Out-of-Bounds Write in RASC Decoder decode_dlta() (CVE-2026-58049)

FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary...

FFmpeg FFmpeg CVE
NONE 4DB773AB-3515-

IITR_Capstone_RedScope_Project (4DB773AB-3515-56F0-A117-B6F5C0AA746F)

RedScope Capstone Project Lab-only red-team assessment for web exploitation, network compromise, post-exploitation, and adversarial-ML testing. Git...

N/A N/A GITHUBEXPLOIT
HIGH 7.2 52E3EC4D-B3B2-

Exploit for Unrestricted Upload of File with Dangerous Type in Devcode Openstamanager (52E3EC4D-B3B2-5A5A-B602-597C9814297E)

OpenSTAManager RCE Exploit CVE-2026-38751 Arbitrary File Upload leading to Remote Code Execution Full-featured proof-of-concept for CVE-2026-38751,...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.4 46CC1A3B-E288-

Exploit for OS Command Injection in Devcode Openstamanager (46CC1A3B-E288-5D6F-BB8A-C0B2ECAF3AD9)

CVE-2025-69212 — OpenSTAManager P7M Command Injection PoC OpenSTAManager = 2.9.8 — OS Command Injection via malicious .p7m filename in ZIP upload. ...

N/A N/A GITHUBEXPLOIT
HIGH 8.7 CVE-2026-10643

Out-of-bounds heap write in Zephyr `recvmsg()` ancillary-data path (`insert_pktinfo` undersizes the control-buffer capacity check) (CVE-2026-10643)

Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_co...

zephyrproject zephyr 3.6.0 CVE