Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

399 New today
67,173 Total advisories

Daily Security Trends (Last 14 Days)

[Chart: daily counts, Jun 18 through Jul 1; legend: Critical, High, Medium, Low]

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-58369

Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of Service

Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name endpoint without authentication middleware, and the LookupOrg handler uncond...

woodpecker-ci woodpecker CVE

MEDIUM 6.5 CVE-2026-58176

RuoYi-Vue-Plus – Missing Authorization on Workflow Task Management Endpoints

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task (FlwTaskController) without ...

dromara RuoYi-Vue-Plus CVE

MEDIUM 6.5 CVE-2026-58174

Hermes WebUI < 0.51.521 - Cross-Profile Authorization Bypass via Unset Session Profile on Import

Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object withou...

nesquena hermes-webui CVE

MEDIUM 6.5 CVE-2026-58173

Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory ...

HKUDS Vibe-Trading CVE

CRITICAL 9.1 CVE-2026-58172

Ocelot – IP Allow/Block List Bypass for WebSocket Upgrade Requests

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based ...

ThreeMammals Ocelot CVE

MEDIUM 4.2 CVE-2026-58171

Vibe-Trading < 0.1.10 - Path Traversal via Swarm Run Identifier

Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without vali...

HKUDS Vibe-Trading CVE

HIGH 8.3 CVE-2026-58170

Vibe-Trading < 0.1.10 - Path Traversal in Proposal Identifier Allows Forging Live Trading Mandates

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory witho...

HKUDS Vibe-Trading CVE

HIGH 7.5 CVE-2026-58169

Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code Execution

Vibe-Trading before 0.1.10's local API server trusts the TCP peer address to bypass the API_AUTH_KEY bearer-token check for loopback clients and pe...

HKUDS Vibe-Trading CVE

HIGH 8.8 CVE-2026-58168

DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Users

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due...

HKUDS DeepTutor CVE