Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

289 New today

64,930 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

292

Jun 23

Jun 24

Critical

High

Medium

Low

Latest

CVE CVSS 6.9

Capgo – Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC_CVE-2026-56311

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using o...

CVE-2026-56311 Capgo Capgo

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-56306	Capgo – Subkey Enforcement Bypass via x-limited-key-id Header Parsing_CVE-2026-56306 Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by su...	Capgo	Capgo	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-56280	Cap-go – Privilege Inversion in Build Log Stream via SSE Disconnect_CVE-2026-56280 Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel runni...	Cap-go	capgo	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-56268	Flowise – Cross-Workspace Information Disclosure via chatflows/apikey Endpoint_CVE-2026-56268 Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query para...	Flowise	Flowise	Jun 22, 2026	CVE
CRITICAL 9.2	CVE-2026-56266	Crawl4AI – Server-Side Request Forgery via Direct Crawl Endpoints_CVE-2026-56266 Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitra...	unclecode	Crawl4AI 0.8.7	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-56255	Capgo – Denial of Service via Unlimited Demo App Creation_CVE-2026-56255 Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write perm...	Capgo	Capgo	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-56221	Cap-go – SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts_CVE-2026-56221 Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are in...	Cap-go	capgo	Jun 22, 2026	CVE
HIGH 7.6	CVE-2026-55409	Filament: Disabled RichEditor field state can be used for XSS_CVE-2026-55409 Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendere...	filamentphp	filament >= 3.0.0, < 3.3.53	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-54911	UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()_CVE-2026-54911 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or uj...	ultrajson	ultrajson < 5.13.0	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-54281	Nest: Middleware Bypass on Fastify via Trailing Slash_CVE-2026-54281 Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nes...	nestjs	nest < 11.1.24	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Capgo – Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC_CVE-2026-56311

Recent Advisories

Capgo – Subkey Enforcement Bypass via x-limited-key-id Header Parsing_CVE-2026-56306

Cap-go – Privilege Inversion in Build Log Stream via SSE Disconnect_CVE-2026-56280

Flowise – Cross-Workspace Information Disclosure via chatflows/apikey Endpoint_CVE-2026-56268

Crawl4AI – Server-Side Request Forgery via Direct Crawl Endpoints_CVE-2026-56266

Capgo – Denial of Service via Unlimited Demo App Creation_CVE-2026-56255

Cap-go – SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts_CVE-2026-56221

Filament: Disabled RichEditor field state can be used for XSS_CVE-2026-55409

UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()_CVE-2026-54911

Nest: Middleware Bypass on Fastify via Trailing Slash_CVE-2026-54281

Protect Your Attack Surface with RedGem

Security Intelligence
Feed