Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

360 New today

66,046 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

383

Jun 26

Jun 27

Critical

High

Medium

Low

Latest

CVE CVSS 9

Dokku: OS Command Injection via App Name in Git Pre-Receive Hook_CVE-2026-45408

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via ...

CVE-2026-45408 dokku dokku < 0.38.2

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5	CVE-2026-45407	Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch_CVE-2026-45407 Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the defa...	dokku	dokku < 0.38.2	Jun 26, 2026	CVE
CRITICAL 9	CVE-2026-45406	Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval_CVE-2026-45406 Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository dir...	dokku	dokku < 0.38.2	Jun 26, 2026	CVE
CRITICAL 9	CVE-2026-45405	Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add_CVE-2026-45405 Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary ...	dokku	dokku < 0.38.2	Jun 26, 2026	CVE
MEDIUM 5	CVE-2026-28385	SSRF via image import from URL allows internal network probing by authenticated users_CVE-2026-28385 In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticat...	Canonical	lxd 6.0	Jun 26, 2026	CVE
MEDIUM 4.9	CVE-2026-13434	Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled_CVE-2026-13434 A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, th...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-11779	PayloadCMS 3.84.1 – Authenticated account lockout bypass through default unlock access_CVE-2026-11779 An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.	PayloadCMS	PayloadCMS 3.84.1	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2025-32423	AutoGPT: There is a DoS vulnerability in ExtractTextInformationBlock_CVE-2025-32423 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there i...	Significant-Gravitas	AutoGPT < 0.6.32	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2025-32394	AutoGPT: There is a DoS vulnerability in AITextSummarizerBlock_CVE-2025-32394 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there i...	Significant-Gravitas	AutoGPT < 0.6.32	Jun 26, 2026	CVE
NONE	B6A66232-7621-	Sql-injection-scanner_B6A66232-7621-5872-A51D-EDDA3F824073 Sql-injection-scanner Developing a security scanning tool that can quickly, reliably, and automatically detect SQL Injection vulnerabilities in web...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Dokku: OS Command Injection via App Name in Git Pre-Receive Hook_CVE-2026-45408

Recent Advisories

Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch_CVE-2026-45407

Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval_CVE-2026-45406

Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add_CVE-2026-45405

SSRF via image import from URL allows internal network probing by authenticated users_CVE-2026-28385

Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled_CVE-2026-13434

PayloadCMS 3.84.1 – Authenticated account lockout bypass through default unlock access_CVE-2026-11779

AutoGPT: There is a DoS vulnerability in ExtractTextInformationBlock_CVE-2025-32423

AutoGPT: There is a DoS vulnerability in AITextSummarizerBlock_CVE-2025-32394

Sql-injection-scanner_B6A66232-7621-5872-A51D-EDDA3F824073

Protect Your Attack Surface with RedGem

Security Intelligence
Feed