Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

206 New today

64,655 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 5.1

AIL Framework – Missing Rate Limiting Enables Brute-Force Attacks Against Two-Factor Authentication Codes_CVE-2026-56450

AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This...

CVE-2026-56450 ail project ail framework

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.3	CVE-2026-56448	Authenticated Path Traversal in AIL Framework Investigation Downloads Allows Arbitrary File Read_CVE-2026-56448 A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authentica...	ail project	ail framework	Jun 22, 2026	CVE
MEDIUM 4.3	MS:CVE-2026-12446	Chromium: CVE-2026-12446 Insufficient data validation in Passwords_MS:CVE-2026-12446 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
NONE	THN:7B782DD6342...	Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries_THN:7B782DD6342D0803A9E4F4BA84097D55 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisV9q8kKe0eopbInTHgwScUvzjKlnPTpk74j7M6F-6BH46hVr9wcadvztA2RYJdKDQDzpV89bN4wH0hEL9qT...	N/A	N/A	Jun 22, 2026	THN
CRITICAL 9.3	CVE-2026-56447	MISP remote code execution via arbitrary rdkafka configuration path_CVE-2026-56447 MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary filesystem path. MISP subsequently parsed ...	misp	misp	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-56446	Authenticated Remote Code Execution via Arbitrary NDJSON Error Log Path in MISP_CVE-2026-56446 MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can i...	misp	misp	Jun 22, 2026	CVE
CRITICAL 9.3	CVE-2026-56425	MISP AAD authentication plugin – Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection_CVE-2026-56425 The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow a...	misp	misp	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-56424	Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models_CVE-2026-56424 MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/edi...	misp	misp	Jun 22, 2026	CVE
CRITICAL 9.4	CVE-2026-56423	MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints_CVE-2026-56423 MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection hand...	misp	misp	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-54100	Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft_CVE-2026-54100 A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Window...	Red Hat	Red Hat OpenShift Container Platform 4	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

AIL Framework – Missing Rate Limiting Enables Brute-Force Attacks Against Two-Factor Authentication Codes_CVE-2026-56450

Recent Advisories

Authenticated Path Traversal in AIL Framework Investigation Downloads Allows Arbitrary File Read_CVE-2026-56448

Chromium: CVE-2026-12446 Insufficient data validation in Passwords_MS:CVE-2026-12446

Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries_THN:7B782DD6342D0803A9E4F4BA84097D55

MISP remote code execution via arbitrary rdkafka configuration path_CVE-2026-56447

Authenticated Remote Code Execution via Arbitrary NDJSON Error Log Path in MISP_CVE-2026-56446

MISP AAD authentication plugin – Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection_CVE-2026-56425

Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models_CVE-2026-56424

MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints_CVE-2026-56423

Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft_CVE-2026-54100

Protect Your Attack Surface with RedGem

Security Intelligence
Feed