Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

318 New today
67,218 Total advisories

[Chart: Daily Security Trends (Last 14 Days), Jun 18 to Jul 1; severity legend: Critical, High, Medium, Low]

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.1 CVE-2026-56224

Capgo – Login CSRF and Session Fixation via URL Query Parameters

Capgo console.capgo.app/login before 12.128.2 accepts access_token and refresh_token in URL query parameters, automatically authenticating users wi...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56219

Capgo – Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NULL-auth Bypass

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.get_org_user_access_rbac function that allows unauthenticated attacke...

Capgo Capgo CVE
LOW 3.7 CVE-2026-54696

Ruby JSON: JSON generator heap buffer overflow when streaming to an IO

Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provid...

ruby json >= 2.9.0, < 2.19.9 CVE
HIGH 8.2 CVE-2026-54673

electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions)...

electron-userland electron-builder < 26.15.0 CVE
HIGH 7.8 CVE-2026-54672

electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty pat...

electron-userland electron-builder < 26.15.0 CVE
MEDIUM 5.1 CVE-2026-50040

Cross-site Scripting in StoneFly Storage Concentrator

Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. A...

StoneFly Storage Concentrator CVE
MEDIUM 5.6 CVE-2026-28322

SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to...

SolarWinds Database Performance Analyzer 2026.1 and below CVE
MEDIUM 6.9 CVE-2025-71381

Hono – Vary Header Injection in CORS Middleware

Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its CORS middleware: when the origin is not set to "*", the middleware copies the Vary head...

Hono Hono CVE
HIGH 7.6 CVE-2025-71374

picklescan – Arbitrary Code Execution via Undetected profile.Profile.run

picklescan before 0.0.29 fails to detect the built-in Python profile.Profile.run function when used in pickle reduce methods, allowing attackers to...

picklescan picklescan CVE