Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

292 New today

64,923 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

285

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 9.2

PhpSpreadsheet: File::prohibitWrappers bypass_CVE-2026-45034

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parse_url($filename, PHP_URL_SCHEME) and then checks is_string($scheme) && strlen($scheme) > 1 to ...

CVE-2026-45034 PHPOffice PhpSpreadsheet < 1.30.5

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-44727	Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP_CVE-2026-44727 Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored noteb...	jupyter-server	jupyter_server < 2.20	Jun 22, 2026	CVE
MEDIUM 5.4	CVE-2026-41479	Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type_CVE-2026-41479 Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint ca...	authlib	authlib < 1.6.10	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-39904	Gophish 0.12.1 Denial of Service via Office Document Upload_CVE-2026-39904 Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by up...	gophish	gophish	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-56698	Nuxt – Cross-Site Scripting via navigateTo open Option_CVE-2026-56698 Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side scr...	Nuxt	Nuxt 4.0.0	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-56697	Nuxt – Open Redirect via Protocol-Relative Paths in reloadNuxtApp_CVE-2026-56697 Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass ...	Nuxt	Nuxt 4.0.0	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-56357	n8n – Webhook Forgery via Missing HMAC-SHA256 Signature Verification in GitHub Webhook Trigger_CVE-2026-56357 n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signa...	n8n	n8n	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-56348	n8n – Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint_CVE-2026-56348 n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authentic...	n8n	n8n	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-56326	Nuxt – Server-Side Open Redirect via Path-Normalization Bypass in navigateTo_CVE-2026-56326 Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly valid...	Nuxt	Nuxt 4.0.0	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-56324	Capgo – Rate Limit Bypass via User-Controlled device_id Parameter_CVE-2026-56324 Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by ...	Capgo	Capgo	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

PhpSpreadsheet: File::prohibitWrappers bypass_CVE-2026-45034

Recent Advisories

Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP_CVE-2026-44727

Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type_CVE-2026-41479

Gophish 0.12.1 Denial of Service via Office Document Upload_CVE-2026-39904

Nuxt – Cross-Site Scripting via navigateTo open Option_CVE-2026-56698

Nuxt – Open Redirect via Protocol-Relative Paths in reloadNuxtApp_CVE-2026-56697

n8n – Webhook Forgery via Missing HMAC-SHA256 Signature Verification in GitHub Webhook Trigger_CVE-2026-56357

n8n – Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint_CVE-2026-56348

Nuxt – Server-Side Open Redirect via Path-Normalization Bypass in navigateTo_CVE-2026-56326

Capgo – Rate Limit Bypass via User-Controlled device_id Parameter_CVE-2026-56324

Protect Your Attack Surface with RedGem

Security Intelligence
Feed