Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

54 New today

64,199 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 7

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Critical

High

Medium

Low

Latest

CVE CVSS 7.5

Decompression Bomb Bypass via Negative max_length in Streaming API in urllib3_CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (`preload_content=False`) when using Brotli support. The issue arises due to three independent code paths in `response.py` that bypass the `max_length` protection introduced in version 2.6....

CVE-2026-9375 urllib3 urllib3/urllib3 unspecified

Jun 19, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-49340	gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host_CVE-2026-49340 gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in `ServeCreateOrUpdat...	sentriz	gonic < 0.21.0	Jun 19, 2026	CVE
HIGH 7.1	CVE-2026-49338	Subsonic API: any authenticated user can delete or read any other user’s playlist (IDOR)_CVE-2026-49338 gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints `/rest/de...	sentriz	gonic < 0.21.0	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-27878	Tempo TraceQL query with exemplar hint could result in unbounded memory usage_CVE-2026-27878 A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resultin...	Grafana	Enterprise Traces (GET) 2.6.1	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-12726	Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential_CVE-2026-12726 A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.status...	Red Hat	Red Hat Ansible Automation Platform 2	Jun 19, 2026	CVE
NONE	EA26B6D2-E45A-	cortex-plugin-hexstrike_EA26B6D2-E45A-5D45-930B-37F1EE561AD6 Example Plugin Brief one-line description of what this plugin does. Installation bash From marketplace cortex plugin install marketplace:example-pl...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
CRITICAL 10	A52A5B67-31DB-	Exploit for SQL Injection in Sangoma Freepbx_A52A5B67-31DB-5B86-B528-C2F4F2A57FB3 FreePBX 16 — Unauthenticated SQLi to RCE Proof-of-concept exploit chaining two FreePBX vulnerabilities to go from zero access to remote code execut...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
CRITICAL 9.8	B7F3888A-67A2-	Exploit for OS Command Injection in Ray_Project Ray_B7F3888A-67A2-5DAE-904A-1F178F5B69DD CVE-2023-6019 - Anyscale Ray Dashboard Unauthenticated RCE PoC exploit for CVE-2023-6019 — Remote Code Execution via unauthenticated Ray Dashboard ...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
NONE	THN:E7B27AF7990...	Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain_THN:E7B27AF79906373961790705D467275B ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIM725Ni41-PBwM_6zXNdsydP1eZO7oSsWIlAqpwdOu9dOcZM6ZI1iaqwSsL3yZKT4lbFRM-eZVq3ARKDbLR...	N/A	N/A	Jun 19, 2026	THN
NONE	THN:0B57AAEC379...	The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes_THN:0B57AAEC379BB19269BA5F6FA540F390 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjNWtaK_WkFnKnaLTIwg043i_I6YVi5XuZGVzh30SGeK-iutwr6t2Ed3S6Qk0V9uykYueDD5WETtQ4sW1QwG...	N/A	N/A	Jun 19, 2026	THN

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Decompression Bomb Bypass via Negative max_length in Streaming API in urllib3_CVE-2026-9375

Recent Advisories

gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host_CVE-2026-49340

Subsonic API: any authenticated user can delete or read any other user’s playlist (IDOR)_CVE-2026-49338

Tempo TraceQL query with exemplar hint could result in unbounded memory usage_CVE-2026-27878

Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential_CVE-2026-12726

cortex-plugin-hexstrike_EA26B6D2-E45A-5D45-930B-37F1EE561AD6

Exploit for SQL Injection in Sangoma Freepbx_A52A5B67-31DB-5B86-B528-C2F4F2A57FB3

Exploit for OS Command Injection in Ray_Project Ray_B7F3888A-67A2-5DAE-904A-1F178F5B69DD

Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain_THN:E7B27AF79906373961790705D467275B

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes_THN:0B57AAEC379BB19269BA5F6FA540F390

Protect Your Attack Surface with RedGem

Security Intelligence
Feed