Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

276 New today

65,317 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 8.7

Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use_CVE-2026-7574

Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at ti...

CVE-2026-7574 Anthropic Claude Desktop Cowork 1.1348.0

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.1	CVE-2026-6458	AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty_CVE-2026-6458 Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming...	Caliptra	Core Runtime Firmware 2.0.0	Jun 23, 2026	CVE
HIGH 7.2	CVE-2026-5818	MCU Firmware Update Authentication Bypass on Caliptra Core_CVE-2026-5818 Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Cor...	Caliptra	Core Runtime Firmware 2.0.0	Jun 23, 2026	CVE
HIGH 8.8	CVE-2026-54639	Style Dictionary – Prototype Pollution in convertTokenData utility function_CVE-2026-54639 Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to...	style-dictionary	style-dictionary >= 4.3.0, < 5.4.4	Jun 24, 2026	CVE
CRITICAL 9.8	D76E3BC5-2C10-	Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin_D76E3BC5-2C10-52DE-8FE2-24C1C9C72D09 this is my version i found a lot in internet but those are too bad USAGE python3 exploit.py -u http://IP/grav-admin/ --lhost YOUR TUN0 IP --lport 4...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
HIGH 8.1	CVE-2026-39253	CVE-2026-39253_CVE-2026-39253 An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Se...	n/a	n/a n/a	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54517	jackson-databind: @JsonView bypass for setterless creator properties_CVE-2026-54517 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3....	FasterXML	jackson-databind >= 2.21.0, < 2.21.4	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54516	jackson-databind: Renamed @JsonIgnore’d setters can deserialize via private fields_CVE-2026-54516 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3....	FasterXML	jackson-databind >= 2.21.0, < 2.21.4	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54515	jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties_CVE-2026-54515 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5...	FasterXML	jackson-databind >= 2.8.0, < 2.18.9	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54514	jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)_CVE-2026-54514 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4...	FasterXML	jackson-databind >= 2.0.0, < 2.18.8	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use_CVE-2026-7574

Recent Advisories

AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty_CVE-2026-6458

MCU Firmware Update Authentication Bypass on Caliptra Core_CVE-2026-5818

Style Dictionary – Prototype Pollution in convertTokenData utility function_CVE-2026-54639

Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin_D76E3BC5-2C10-52DE-8FE2-24C1C9C72D09

CVE-2026-39253_CVE-2026-39253

jackson-databind: @JsonView bypass for setterless creator properties_CVE-2026-54517

jackson-databind: Renamed @JsonIgnore’d setters can deserialize via private fields_CVE-2026-54516

jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties_CVE-2026-54515

jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)_CVE-2026-54514

Protect Your Attack Surface with RedGem

Security Intelligence
Feed