Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

220 New today

64,839 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

201

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 9.6

immich: One-click account takeover via XSS in login page continue redirect_CVE-2026-53662

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single ...

CVE-2026-53662 immich-app immich >= main@4ffa26c9, < main@4eb1003

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.2	CVE-2026-52846	Caddy: stripHTML template function bypass_CVE-2026-52846 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HT...	caddyserver	caddy < 2.11.4	Jun 23, 2026	CVE
HIGH 8.1	CVE-2026-52845	Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`_CVE-2026-52845 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied ident...	caddyserver	caddy < 2.11.4	Jun 23, 2026	CVE
HIGH 7.5	CVE-2026-52844	Caddy: Windows `file_server` path authorization bypass via encoded backslash_CVE-2026-52844 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outs...	caddyserver	caddy < 2.11.4	Jun 23, 2026	CVE
MEDIUM 5.4	CVE-2026-45692	Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization_CVE-2026-45692 Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer d...	caddyserver	caddy >= 2.4.0, < 2.11.3	Jun 23, 2026	CVE
HIGH 8.1	CVE-2026-45135	Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files_CVE-2026-45135 Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/r...	caddyserver	caddy >= 2.7.0, < 2.11.3	Jun 23, 2026	CVE
MEDIUM 4.1	CVE-2026-0864	Configuration Injection via Carriage Return (\r) in write() method_CVE-2026-0864 When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the result...	Python Software Foundation	CPython	Jun 23, 2026	CVE
HIGH 9.3	844FC1AB-4B6F-	Exploit for OS Command Injection in Apache Tomcat_844FC1AB-4B6F-5722-BE86-44451AAF41EC CVE-2019-0232 — Apache Tomcat CGI Servlet RCE Educational PoC for authorized CTF / penetration testing only. Running this against systems you do no...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
NONE	FILIPPOIO:7E5AA...	Vulnerability Reports Are Not Special Anymore_FILIPPOIO:7E5AA1729D42CFF70B3B99F0B9C1A508 A requirement for staying sane while working in public as an open source maintainer is realizing that every issue, PR, and piece of feedback is a p...	N/A	N/A	Jun 23, 2026	FILIPPOIO
NONE	QUALYSBLOG:FDC7...	3 Paths to Upgrade Windows 11 before 24H2 End of Servicing (EOL)_QUALYSBLOG:FDC705F50F73787D6AF114F35B4AE2FD * * * #### Key Takeaways * Windows 11 24H2 reaches the end of servicing on October 13, 2026, making timely enterprise upgrades critical. * En...	N/A	N/A	Jun 23, 2026	QUALYSBLOG

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

immich: One-click account takeover via XSS in login page continue redirect_CVE-2026-53662

Recent Advisories

Caddy: stripHTML template function bypass_CVE-2026-52846

Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`_CVE-2026-52845

Caddy: Windows `file_server` path authorization bypass via encoded backslash_CVE-2026-52844

Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization_CVE-2026-45692

Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files_CVE-2026-45135

Configuration Injection via Carriage Return (\r) in write() method_CVE-2026-0864

Exploit for OS Command Injection in Apache Tomcat_844FC1AB-4B6F-5722-BE86-44451AAF41EC

Vulnerability Reports Are Not Special Anymore_FILIPPOIO:7E5AA1729D42CFF70B3B99F0B9C1A508

3 Paths to Upgrade Windows 11 before 24H2 End of Servicing (EOL)_QUALYSBLOG:FDC705F50F73787D6AF114F35B4AE2FD

Protect Your Attack Surface with RedGem

Security Intelligence
Feed