Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

54 New today
64,223 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

255
Jun 8
658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
6
Jun 21
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-48980

pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic_CVE-2026-48980

pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION,...

mcdope pam_usb < 0.9.2 CVE
NONE THN:61A3E81EE06...

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites_THN:61A3E81EE060D294ED20FB1D0B47CAB5

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1-D7cu6ZQpoZXfPa_eYHuQijjkt6mJRjmoIS9eSnCGPPgyXNz-AChti_zkCGmlefTdBm5bvbyxXbrJVbpVJ...

N/A N/A THN
HIGH 8.7 CVE-2026-48716

nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write_CVE-2026-48716

nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path u...

HKUDS nanobot <= 0.1.5.post3 CVE
MEDIUM 5.3 CVE-2026-47847

CVE-2026-47847_CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication healt...

Bitnami bitnami/mariadb-galera 10.6.0 CVE
CRITICAL 9.8 CVE-2026-47846

CVE-2026-47846_CVE-2026-47846

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured vi...

Bitnami bitnami/cassandra 4.0.0 CVE
MEDIUM 5.4 CVE-2026-43915

Coturn: Stored Cross-Site Scripting (XSS) in web-admin interface via TURN username_CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerabi...

coturn coturn < 4.11.0 CVE
HIGH 8.5 CVE-2026-25865

Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec_CVE-2026-25865

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by ex...

Yandex Punto Switcher CVE
CRITICAL 9.9 CVE-2026-49252

deepstream is vulnerable to prototype pollution_CVE-2026-49252

deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are v...

deepstreamIO deepstream.io < 10.0.5 CVE
HIGH 8.3 CVE-2026-49248

OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar_CVE-2026-49248

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar() creates symbolic links verbatim from TAR en...

theonedev onedev < 15.0.7 CVE