Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

364 New today

66,027 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

364

Jun 26

Jun 27

Critical

High

Medium

Low

Latest

CVE CVSS 7.3

EVoke Systems EVoke CSMS Insufficient Session Expiration_CVE-2026-54479

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to...

CVE-2026-54479 EVoke EVoke CSMS All versions

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-50176	EVoke Systems EVoke CSMS Improper Restriction of Excessive Authentication Attempts_CVE-2026-50176 The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allo...	EVoke	EVoke CSMS All versions	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-44622	EVoke Systems EVoke CSMS Insufficiently Protected Credentials_CVE-2026-44622 Charging station authentication identifiers are publicly accessible via web-based mapping platforms.	EVoke	EVoke CSMS All versions	Jun 25, 2026	CVE
CRITICAL 9.4	CVE-2026-40702	EVoke Systems EVoke CSMS Missing Authentication for Critical Function_CVE-2026-40702 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit ...	EVoke	EVoke CSMS All versions	Jun 25, 2026	CVE
HIGH 7.4	CVE-2026-12992	Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation_CVE-2026-12992 A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature....	Red Hat	Red Hat build of Apicurio Registry 3	Jun 25, 2026	CVE
HIGH 8.5	CVE-2026-12975	Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos_CVE-2026-12975 A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing fea...	Red Hat	Red Hat build of Apicurio Registry 3	Jun 25, 2026	CVE
HIGH 8.1	CVE-2026-11800	Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion_CVE-2026-11800 A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client c...	Red Hat	Red Hat build of Keycloak 26.6 26.6.4-2	Jun 25, 2026	CVE
MEDIUM 6	CVE-2026-11703	Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption_CVE-2026-11703 Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A c...	wolfSSL	wolfSSL 3.15.0	Jun 25, 2026	CVE
MEDIUM 6.3	CVE-2026-10098	OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status_CVE-2026-10098 OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the tar...	wolfSSL	wolfSSL 4.6.0	Jun 25, 2026	CVE
MEDIUM 5.7	CVE-2026-7532	iPAddress name constraints not enforced when WOLFSSL_IP_ALT_NAME is undefined_CVE-2026-7532 iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allo...	wolfSSL	wolfSSL	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

EVoke Systems EVoke CSMS Insufficient Session Expiration_CVE-2026-54479

Recent Advisories

EVoke Systems EVoke CSMS Improper Restriction of Excessive Authentication Attempts_CVE-2026-50176

EVoke Systems EVoke CSMS Insufficiently Protected Credentials_CVE-2026-44622

EVoke Systems EVoke CSMS Missing Authentication for Critical Function_CVE-2026-40702

Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation_CVE-2026-12992

Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos_CVE-2026-12975

Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion_CVE-2026-11800

Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption_CVE-2026-11703

OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status_CVE-2026-10098

iPAddress name constraints not enforced when WOLFSSL_IP_ALT_NAME is undefined_CVE-2026-7532

Protect Your Attack Surface with RedGem

Security Intelligence
Feed