Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

225 New today

65,345 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 4.6

Frappe Framework 17.0.0-dev – Stored XSS in frappe.get_avatar image rendering_CVE-2026-50700

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function.

CVE-2026-50700 Frappe Frappe Framework 17.0.0-dev

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	9FE7E8BC-4FDD-	Exploit for Out-of-bounds Write in Fortinet Fortiproxy_9FE7E8BC-4FDD-5C40-A866-41D14FB4E0CD CVE-2024-21762 - FortiOS SSL VPN Out-of-Bounds Write Overview \| Field \| Value \| \|-------\|-------\| \| CVE \| CVE-2024-21762 \| \| Advisory \| FG-IR-24-01...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 9.8	313C0238-45FD-	Exploit for CVE-2026-12416_313C0238-45FD-59C7-9A09-F1668F7DFE47 CVE-2026-12416-CVE-2026-12417 Unauthenticated Account Takeover via Weak Password Reset Validation via 'resetuserid' Parameter \| Unauthenticated Pri...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
NONE	HACKREAD:614136...	Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords_HACKREAD:6141367662A6D7A675D4167ED30B5E35 JFrog warns of malicious npm packages that mimic PostCSS tooling, drop a Windows RAT, and target Chrome-stored passwords through a staged infection...	N/A	N/A	Jun 24, 2026	HACKREAD
HIGH 7.7	CVE-2026-9710	Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure_CVE-2026-9710 The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce ...	Unknown	Cornerstone 3.0.0	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-9709	Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure_CVE-2026-9709 The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to ...	Unknown	Cornerstone 3.0.0	Jun 24, 2026	CVE
LOW 2.7	CVE-2026-10753	Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update_CVE-2026-10753 The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-priv...	Unknown	Site Kit by Google	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10749	Post Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaData_CVE-2026-10749 The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied seria...	Unknown	Post Duplicator	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-10735	ShapedPlugin Multiple Pro Plugins – Backdoor via Compromised Vendor Update Server_CVE-2026-10735 Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommer...	Unknown	smart-post-show-pro 4.0.1	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-10531	AI Share & Summarize < 2.0.4 - Contributor+ Stored XSS via title_style Shortcode Attribute_CVE-2026-10531 The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a pa...	Unknown	AI Share & Summarize	Jun 24, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Frappe Framework 17.0.0-dev – Stored XSS in frappe.get_avatar image rendering_CVE-2026-50700

Recent Advisories

Exploit for Out-of-bounds Write in Fortinet Fortiproxy_9FE7E8BC-4FDD-5C40-A866-41D14FB4E0CD

Exploit for CVE-2026-12416_313C0238-45FD-59C7-9A09-F1668F7DFE47

Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords_HACKREAD:6141367662A6D7A675D4167ED30B5E35

Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure_CVE-2026-9710

Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure_CVE-2026-9709

Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update_CVE-2026-10753

Post Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaData_CVE-2026-10749

ShapedPlugin Multiple Pro Plugins – Backdoor via Compromised Vendor Update Server_CVE-2026-10735

AI Share & Summarize < 2.0.4 - Contributor+ Stored XSS via title_style Shortcode Attribute_CVE-2026-10531

Protect Your Attack Surface with RedGem

Security Intelligence
Feed