Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

284 New today

64,932 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

Jun 24

Critical

High

Medium

Low

Latest

CVE CVSS 8.6

Capgo – Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings_CVE-2026-56222

Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting ...

CVE-2026-56222 Capgo Capgo

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-54892	Plug: quadratic-time decoding of nested query/body parameters enables denial of service_CVE-2026-54892 Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Co...	elixir-plug	plug 1.15.0	Jun 23, 2026	CVE
MEDIUM 6.4	CVE-2026-4610	ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content_CVE-2026-4610 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_messag...	metagauss	ProfileGrid – User Profiles, Groups and Communities	Jun 23, 2026	CVE
CRITICAL 9.4	CVE-2026-44089	Buffer Overflow in Totolink EX1200L router_CVE-2026-44089 Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be ex...	Totolink	EX1200L 9.3.5u.6146_B20201023	Jun 23, 2026	CVE
MEDIUM 6.1	CVE-2026-10857	Reflected XSS in Akinsoft’s e-Commerce_CVE-2026-10857 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry...	AKIN Software Computer Import Export Industry and Trade Ltd.	e-Commerce	Jun 23, 2026	CVE
HIGH 8.8	CVE-2026-10711	RCE in Akınsoft’s CafePlus_CVE-2026-10711 Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessin...	AKIN Software Computer Import Export Industry and Trade Ltd.	CafePlus 12.05.03	Jun 23, 2026	CVE
HIGH 7.6	CVE-2025-71376	picklescan – Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions_CVE-2025-71376 picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attack...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 7.6	CVE-2025-71370	picklescan – Remote Code Execution via torch.jit.unsupported_tensor_ops.execWrapper_CVE-2025-71370 picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers ...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 7.6	CVE-2025-71365	picklescan – Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass_CVE-2025-71365 picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Atta...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 7.6	CVE-2025-71341	picklescan – Remote Code Execution via Undetected profile.Profile.runctx_CVE-2025-71341 picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected ma...	picklescan	picklescan	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Capgo – Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings_CVE-2026-56222

Recent Advisories

Plug: quadratic-time decoding of nested query/body parameters enables denial of service_CVE-2026-54892

ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content_CVE-2026-4610

Buffer Overflow in Totolink EX1200L router_CVE-2026-44089

Reflected XSS in Akinsoft’s e-Commerce_CVE-2026-10857

RCE in Akınsoft’s CafePlus_CVE-2026-10711

picklescan – Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions_CVE-2025-71376

picklescan – Remote Code Execution via torch.jit.unsupported_tensor_ops.execWrapper_CVE-2025-71370

picklescan – Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass_CVE-2025-71365

picklescan – Remote Code Execution via Undetected profile.Profile.runctx_CVE-2025-71341

Protect Your Attack Surface with RedGem

Security Intelligence
Feed