Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

234 New today
65,164 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
232
Jun 24
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.4 CVE-2026-46550

NocoDB: Refresh Token Cookie Set Without `Secure` and `SameSite` Flags_CVE-2026-46550

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing bot...

nocodb nocodb < 2026.04.1 CVE
LOW 2 CVE-2026-46549

NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation_CVE-2026-46549

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_reso...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 4.3 CVE-2026-46548

NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)_CVE-2026-46548

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in th...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 6.1 CVE-2026-46547

NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL_CVE-2026-46547

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning pag...

nocodb nocodb < 2026.04.1 CVE
HIGH 8.8 CVE-2026-41862

CVE-2026-41862_CVE-2026-41862

Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enfo...

Spring Spring Statemachine 4.0.0 CVE
MEDIUM 6.5 CVE-2026-54518

jackson-databind: @JsonView bypass for unwrapped creator parameters in jackson-databind_CVE-2026-54518

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3....

FasterXML jackson-databind >= 2.21.0, < 2.21.4 CVE
HIGH 8.4 CVE-2026-56785

FlatPress – Stored Cross-Site Scripting via Unescaped Comment and Contact Form Fields_CVE-2026-56785

FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and ...

FlatPress FlatPress CVE
CRITICAL 9.6 CVE-2026-54588

Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction._CVE-2026-54588

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` re...

poweradmin poweradmin < 4.2.4 CVE
MEDIUM 5.5 CVE-2026-48493

Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment_CVE-2026-48493

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their...

grokability snipe-it < 8.6.0 CVE