Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

182 New today
64,729 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
91
Jun 23
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-56280

Cap-go – Privilege Inversion in Build Log Stream via SSE Disconnect_CVE-2026-56280

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel runni...

Cap-go capgo CVE
MEDIUM 5.3 CVE-2026-56268

Flowise – Cross-Workspace Information Disclosure via chatflows/apikey Endpoint_CVE-2026-56268

Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query para...

Flowise Flowise CVE
CRITICAL 9.2 CVE-2026-56266

Crawl4AI – Server-Side Request Forgery via Direct Crawl Endpoints_CVE-2026-56266

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitra...

unclecode Crawl4AI 0.8.7 CVE
MEDIUM 5.3 CVE-2026-56255

Capgo – Denial of Service via Unlimited Demo App Creation_CVE-2026-56255

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write perm...

Capgo Capgo CVE
HIGH 7.1 CVE-2026-56221

Cap-go – SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts_CVE-2026-56221

Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are in...

Cap-go capgo CVE
HIGH 7.6 CVE-2026-55409

Filament: Disabled RichEditor field state can be used for XSS_CVE-2026-55409

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendere...

filamentphp filament >= 3.0.0, < 3.3.53 CVE
MEDIUM 6.5 CVE-2026-54911

UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()_CVE-2026-54911

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or uj...

ultrajson ultrajson < 5.13.0 CVE
HIGH 8.7 CVE-2026-54281

Nest: Middleware Bypass on Fastify via Trailing Slash_CVE-2026-54281

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nes...

nestjs nest < 11.1.24 CVE
MEDIUM 6.3 CVE-2026-48517

MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments_CVE-2026-48517

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePa...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE