Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

294 New today

64,620 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

299

Jun 22

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 5.4

Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access_CVE-2026-10601

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: (1) capture admin-configured datasource credentials (secureJsonData custom headers) ...

CVE-2026-10601 Grafana Grafana OSS 11.6.0

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	CVE-2026-10561	Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection_CVE-2026-10561 IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass t...	IBM	Langflow OSS 1.0.0	Jun 22, 2026	CVE
MEDIUM 5.4	CVE-2025-33128	IBM Engineering Lifecycle Management – Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed_CVE-2025-33128 IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting....	IBM	Engineering Workflow Management 7.0.3	Jun 22, 2026	CVE
MEDIUM 6	CVE-2025-2669	Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data._CVE-2025-2669 IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform ope...	IBM	Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 4.8.0	Jun 22, 2026	CVE
CRITICAL 9.9	0CD6EB69-616A-	Exploit for Code Injection in Microsoft_0CD6EB69-616A-5F14-BC54-BAF18F35CE8E CVE-2026-26030 — Semantic Kernel filter eval RCE lab A self-contained, network-isolated Docker lab reproducing CVE-2026-26030: prompt-injectable re...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
NONE	SECURELIST:C973...	A VBScript campaign distributed through WhatsApp deploying RMM software_SECURELIST:C973A43958C0478ADD5CD4F16D3BFD4A ![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2026/06/22071117/SL-WhatsApp-VBS-RMM-featured-990x400.jpg) In June 2026, we ...	N/A	N/A	Jun 22, 2026	SECURELIST
NONE	HACKREAD:BF0A33...	Salesforce Disables Klue Integration After OAuth Token Theft Hits Customer Data_HACKREAD:BF0A33257D62E5218E319AA6A66E8EB0 Icarus extortion group used a legacy Klue Battlecards credential to bypass security and steal bulk Salesforce records from affected companies.	N/A	N/A	Jun 22, 2026	HACKREAD
NONE	SCHNEIER:179D82...	Professional Athletes and Wearables_SCHNEIER:179D82D2A96A2E9C66736C4EAC245C7D I haven't thought about the privacy issues surrounding professional athletes and wearables. > Wearables present serious privacy issues for "Averag...	N/A	N/A	Jun 22, 2026	SCHNEIER
CRITICAL 10	THN:43941E2D420...	Stop Your Legacy Infrastructure from Hijacking Your AI Agents_THN:43941E2D42031698DDE8721BBA2C4DF5 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSdS_7552zEvsn5xVfDcVMG2u8ponFIE1E65j5A8Wx-qUroU49h-f6qF7FPCABA063IjNnw-JntL-L1iZjHp...	N/A	N/A	Jun 22, 2026	THN
HIGH 7.8	762AC12D-EAE0-	Exploit for Out-of-bounds Write in Linux Linux_Kernel_762AC12D-EAE0-5CAD-AE9B-86D5B412786A No description provided...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access_CVE-2026-10601

Recent Advisories

Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection_CVE-2026-10561

IBM Engineering Lifecycle Management – Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed_CVE-2025-33128

Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data._CVE-2025-2669

Exploit for Code Injection in Microsoft_0CD6EB69-616A-5F14-BC54-BAF18F35CE8E

A VBScript campaign distributed through WhatsApp deploying RMM software_SECURELIST:C973A43958C0478ADD5CD4F16D3BFD4A

Salesforce Disables Klue Integration After OAuth Token Theft Hits Customer Data_HACKREAD:BF0A33257D62E5218E319AA6A66E8EB0

Professional Athletes and Wearables_SCHNEIER:179D82D2A96A2E9C66736C4EAC245C7D

Stop Your Legacy Infrastructure from Hijacking Your AI Agents_THN:43941E2D42031698DDE8721BBA2C4DF5

Exploit for Out-of-bounds Write in Linux Linux_Kernel_762AC12D-EAE0-5CAD-AE9B-86D5B412786A

Protect Your Attack Surface with RedGem

Security Intelligence
Feed