Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

128 New today

64,732 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 9.3

picklescan – Remote Code Execution via Unblocked Standard Library Modules_CVE-2026-56315

picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib) exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files i...

CVE-2026-56315 picklescan picklescan

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.8	CVE-2026-56301	Nuxt – Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux_CVE-2026-56301 Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abs...	Nuxt	Nuxt 4.0.0	Jun 23, 2026	CVE
MEDIUM 6	CVE-2026-56275	Flowise – Server-Side Request Forgery via Execute Flow Base URL_CVE-2026-56275 Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validat...	Flowise	Flowise	Jun 23, 2026	CVE
HIGH 8.7	CVE-2026-56274	Flowise – Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess_CVE-2026-56274 Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validat...	Flowise	Flowise	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-56263	Crawl4AI – Stored Cross-Site Scripting in Monitor Dashboard_CVE-2026-56263 Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via ...	Crawl4AI	Crawl4AI	Jun 23, 2026	CVE
CRITICAL 9.2	CVE-2026-56258	Crawl4AI – Arbitrary File Write via output_path Symlink and TOCTOU_CVE-2026-56258 Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to w...	Crawl4AI	Crawl4AI 0.8.8	Jun 23, 2026	CVE
HIGH 8.7	CVE-2026-56248	Capgo – Unauthenticated Denial-of-Service via audit_logs RLS Policy_CVE-2026-56248 Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit_logs table's Row-L...	Cap-go	capgo	Jun 23, 2026	CVE
HIGH 8.6	CVE-2026-56243	Capgo – Hashed API Key Enforcement Bypass via PostgREST/RLS Plane_CVE-2026-56243 Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey...	Capgo	Capgo	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-56234	Capgo – Password Spraying via Public-Key Accessible Credential Validation Endpoint_CVE-2026-56234 Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validate_password_compliance endpoint that i...	Capgo	Capgo	Jun 23, 2026	CVE
HIGH 8.7	CVE-2026-56225	Capgo – Authorization Bypass in API Key Management via App-Limited Keys_CVE-2026-56225 Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers (get/put/delete/post). API keys crea...	Capgo	Capgo	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

picklescan – Remote Code Execution via Unblocked Standard Library Modules_CVE-2026-56315

Recent Advisories

Nuxt – Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux_CVE-2026-56301

Flowise – Server-Side Request Forgery via Execute Flow Base URL_CVE-2026-56275

Flowise – Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess_CVE-2026-56274

Crawl4AI – Stored Cross-Site Scripting in Monitor Dashboard_CVE-2026-56263

Crawl4AI – Arbitrary File Write via output_path Symlink and TOCTOU_CVE-2026-56258

Capgo – Unauthenticated Denial-of-Service via audit_logs RLS Policy_CVE-2026-56248

Capgo – Hashed API Key Enforcement Bypass via PostgREST/RLS Plane_CVE-2026-56243

Capgo – Password Spraying via Public-Key Accessible Credential Validation Endpoint_CVE-2026-56234

Capgo – Authorization Bypass in API Key Management via App-Limited Keys_CVE-2026-56225

Protect Your Attack Surface with RedGem

Security Intelligence
Feed