Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

304 New today

66,383 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

281

Jun 28

Critical

High

Medium

Low

Latest

CVE CVSS 5

Flowise – Custom MCP Environment Variable Denylist Bypass via Case Sensitivity_CVE-2026-58057

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'node_options' bypasses the NODE_OPTIONS denylist entry. An authenticated user who...

CVE-2026-58057 Flowise Flowise

Jun 28, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.6	CVE-2026-58056	RustDesk – FileTransfer Session Authorization Scope Bypass_CVE-2026-58056 RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer sessi...	RustDesk	RustDesk	Jun 28, 2026	CVE
MEDIUM 5.4	CVE-2026-58055	nghttp2 nghttpx – HTTP Request/Response Smuggling via Upgrade Request with Content-Length_CVE-2026-58055 nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-a...	nghttp2	nghttp2	Jun 28, 2026	CVE
HIGH 7.2	CVE-2026-58054	MyBB – Privilege Escalation from Limited ACP User Management to Administrator_CVE-2026-58054 MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers ...	MyBB	MyBB	Jun 28, 2026	CVE
CRITICAL 9.9	CVE-2026-58053	Gitea act_runner – Container Hardening Bypass via Workflow Container Options_CVE-2026-58053 Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfi...	Gitea	act_runner	Jun 28, 2026	CVE
LOW 3.3	CVE-2026-58052	7-Zip – Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision_CVE-2026-58052 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an ...	7-Zip	7-Zip	Jun 28, 2026	CVE
MEDIUM 6.5	CVE-2026-58051	libssh2 – Free of Uninitialized Pointer in publickey List Cleanup_CVE-2026-58051 libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a pars...	libssh2	libssh2	Jun 28, 2026	CVE
HIGH 7	CVE-2026-58050	libssh2 – Integer Overflow in publickey Subsystem Attribute Allocation_CVE-2026-58050 libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_at...	libssh2	libssh2	Jun 28, 2026	CVE
HIGH 8.6	CVE-2026-58049	FFmpeg – Out-of-Bounds Write in RASC Decoder decode_dlta()_CVE-2026-58049 FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary...	FFmpeg	FFmpeg	Jun 28, 2026	CVE
NONE	4DB773AB-3515-	IITR_Capstone_RedScope_Project_4DB773AB-3515-56F0-A117-B6F5C0AA746F RedScope Capstone Project Lab-only red-team assessment for web exploitation, network compromise, post-exploitation, and adversarial-ML testing. Git...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Flowise – Custom MCP Environment Variable Denylist Bypass via Case Sensitivity_CVE-2026-58057

Recent Advisories

RustDesk – FileTransfer Session Authorization Scope Bypass_CVE-2026-58056

nghttp2 nghttpx – HTTP Request/Response Smuggling via Upgrade Request with Content-Length_CVE-2026-58055

MyBB – Privilege Escalation from Limited ACP User Management to Administrator_CVE-2026-58054

Gitea act_runner – Container Hardening Bypass via Workflow Container Options_CVE-2026-58053

7-Zip – Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision_CVE-2026-58052

libssh2 – Free of Uninitialized Pointer in publickey List Cleanup_CVE-2026-58051

libssh2 – Integer Overflow in publickey Subsystem Attribute Allocation_CVE-2026-58050

FFmpeg – Out-of-Bounds Write in RASC Decoder decode_dlta()_CVE-2026-58049

IITR_Capstone_RedScope_Project_4DB773AB-3515-56F0-A117-B6F5C0AA746F

Protect Your Attack Surface with RedGem

Security Intelligence
Feed