Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

284 New today

64,932 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

Jun 24

Critical

High

Medium

Low

Latest

CVE CVSS 7.1

NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler_CVE-2026-56402

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting ap...

CVE-2026-56402 nanocoai nanoclaw

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.8	CVE-2026-55767	Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle_CVE-2026-55767 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-pad...	guzzle	guzzle < 7.12.1	Jun 23, 2026	CVE
MEDIUM 4.8	CVE-2026-55766	guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization_CVE-2026-55766 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain ...	guzzle	psr7 < 2.12.1	Jun 23, 2026	CVE
MEDIUM 5.9	CVE-2026-55568	Guzzle: Silent HTTPS-Proxy Downgrade to Cleartext_CVE-2026-55568 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the prox...	guzzle	guzzle < 7.12.1	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-54314	n8n: Denial of Service via ZIP decompression in webhook workflow_CVE-2026-54314 n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archi...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54313	n8n: NoSQL Injection in MongoDB Node Find And Replace Operation_CVE-2026-54313 n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filte...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE
HIGH 7.2	CVE-2026-54312	n8n: Microsoft SQL Node Prototype Pollution_CVE-2026-54312 n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achi...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE
MEDIUM 6	CVE-2026-54311	n8n: Merge Node SQL Mode Prototype Pollution_CVE-2026-54311 n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows...	n8n-io	n8n >= 2.26.0, < 2.26.2	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54310	n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes_CVE-2026-54310 n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows...	n8n-io	n8n >= 2.26.0, < 2.26.2	Jun 23, 2026	CVE
HIGH 8.8	CVE-2026-54309	n8n: n8n MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions_CVE-2026-54309 n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoi...	n8n-io	n8n >= 2.26.0, < 2.26.2	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler_CVE-2026-56402

Recent Advisories

Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle_CVE-2026-55767

guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization_CVE-2026-55766

Guzzle: Silent HTTPS-Proxy Downgrade to Cleartext_CVE-2026-55568

n8n: Denial of Service via ZIP decompression in webhook workflow_CVE-2026-54314

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation_CVE-2026-54313

n8n: Microsoft SQL Node Prototype Pollution_CVE-2026-54312

n8n: Merge Node SQL Mode Prototype Pollution_CVE-2026-54311

n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes_CVE-2026-54310

n8n: n8n MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions_CVE-2026-54309

Protect Your Attack Surface with RedGem

Security Intelligence
Feed