Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

224 New today
65,462 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
175
Jun 25
Critical
High
Medium
Low
Latest
CVE CVSS 9.8

Rclone: Unauthenticated command execution in `rclone rcd –rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix_CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /[remote:path]/object. The remote value is parsed f...

CVE-2026-49980 rclone rclone >= 1.46.0, < 1.74.3
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-49247

Jellyfin: Potential Authenticated path traversal in /ClientLog/Document_CVE-2026-49247

Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization he...

jellyfin jellyfin >= 10.9.0, < 10.11.10 CVE
LOW 1.7 CVE-2026-49246

Jellyfin: Potential MKV attachment filename path traversal to RCE_CVE-2026-49246

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leve...

jellyfin jellyfin < 10.11.10 CVE
MEDIUM 5.7 CVE-2026-49220

Jellyfin: Potential XSS in user management_CVE-2026-49220

Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged u...

jellyfin jellyfin < 10.11.9 CVE
HIGH 8.8 CVE-2026-48793

Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path_CVE-2026-48793

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle ...

jellyfin jellyfin < 10.11.10 CVE
HIGH 7.1 CVE-2026-12760

Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200_CVE-2026-12760

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 f...

TP-Link Systems Inc. Tapo C200 v3 CVE
HIGH 8.8 CVE-2026-13038

CVE-2026-13038_CVE-2026-13038

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HT...

Google Chrome 149.0.7827.197 CVE
HIGH 7.8 CVE-2026-13037

CVE-2026-13037_CVE-2026-13037

Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox v...

Google Chrome 149.0.7827.197 CVE
HIGH 8.8 CVE-2026-13036

CVE-2026-13036_CVE-2026-13036

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...

Google Chrome 149.0.7827.197 CVE
HIGH 8.8 CVE-2026-13035

CVE-2026-13035_CVE-2026-13035

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious per...

Google Chrome 149.0.7827.197 CVE