Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

364 New today
67,079 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
53
Jun 27
318
Jun 28
284
Jun 29
375
Jun 30
Jul 1
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-13593

CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away_CVE-2026-13593

CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory lea...

GTERMARS CSS::Minifier::XS CVE
HIGH 7.5 CVE-2026-41896

Coolify: Unauthenticated Deployment Trigger via Webhook HMAC Bypass with Null Secret_CVE-2026-41896

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the HMAC key is the ap...

coollabsio coolify < 4.0.0-beta.474 CVE
HIGH 8.8 CVE-2026-34597

Coolify: Authenticated Host RCE_CVE-2026-34597

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticat...

coollabsio coolify < 4.0.0-beta.470 CVE
HIGH 8.8 CVE-2026-34594

Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management_CVE-2026-34594

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated comma...

coollabsio coolify < 4.0.0-beta.471 CVE
MEDIUM 6.3 CVE-2026-57997

Strapi users-permissions – JWT Algorithm Confusion via Missing Algorithm Configuration_CVE-2026-57997

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowin...

strapi strapi CVE
HIGH 7.7 CVE-2026-34592

Coolify: Cross-Team IDOR via Unscoped Server and Project Lookups Exposes SSH Keys and Infrastructure_CVE-2026-34592

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and pro...

coollabsio coolify < 4.0.0-beta.471 CVE
MEDIUM 5.3 CVE-2026-10647

Deadlock denial of service in USB CDC-NCM device class on TX enqueue failure_CVE-2026-10647

The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue() in its ethernet transmit c...

zephyrproject zephyr 4.1.0 CVE
HIGH 7.5 CVE-2026-8023

Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read_CVE-2026-8023

Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYS...

zephyrproject zephyr 4.0.0 CVE
HIGH 8.1 CVE-2026-7656

Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zephyr net stack_CVE-2026-7656

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expr...

zephyrproject zephyr 1.14.0 CVE