Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

289 New today

64,988 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

Jun 24

Critical

High

Medium

Low

Latest

CVE CVSS 7.4

Deno: TLS retry copies stale upgrade hook, risking plaintext traffic_CVE-2026-44726

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When `autoSelectFamily was enabled and the first add...

CVE-2026-44726 denoland deno >= 2.0.0, < 2.7.8

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2025-71382	MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering_CVE-2025-71382 MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a d...	ArtifexSoftware	mupdf	Jun 23, 2026	CVE
HIGH 7.5	CVE-2025-61029	CVE-2025-61029_CVE-2025-61029 An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL st...	n/a	n/a n/a	Jun 23, 2026	CVE
HIGH 7.5	CVE-2025-61024	CVE-2025-61024_CVE-2025-61024 An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted ...	n/a	n/a n/a	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54324	Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join_CVE-2026-54324 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant author...	daytonaio	daytona < 0.185.0	Jun 23, 2026	CVE
MEDIUM 5.9	CVE-2026-54323	Daytona: Git credential leak via git clone with TLS verification disabled_CVE-2026-54323 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clon...	daytonaio	daytona < 0.185.0	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-54318	Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location_CVE-2026-54318 Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager Broa...	home-assistant	core < 2026.5.3	Jun 23, 2026	CVE
HIGH 7.6	CVE-2026-54317	Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN_CVE-2026-54317 Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration regi...	home-assistant	core < 2026.6.0	Jun 23, 2026	CVE
CRITICAL 9	CVE-2026-54157	LobeHub: Unauthenticated SSRF in `/webapi/proxy`_CVE-2026-54157 LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy e...	lobehub	lobehub < 2.1.57	Jun 23, 2026	CVE
CRITICAL 9.6	CVE-2026-53662	immich: One-click account takeover via XSS in login page continue redirect_CVE-2026-53662 immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting ...	immich-app	immich >= main@4ffa26c9, < main@4eb1003	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Deno: TLS retry copies stale upgrade hook, risking plaintext traffic_CVE-2026-44726

Recent Advisories

MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering_CVE-2025-71382

CVE-2025-61029_CVE-2025-61029

CVE-2025-61024_CVE-2025-61024

Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join_CVE-2026-54324

Daytona: Git credential leak via git clone with TLS verification disabled_CVE-2026-54323

Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location_CVE-2026-54318

Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN_CVE-2026-54317

LobeHub: Unauthenticated SSRF in `/webapi/proxy`_CVE-2026-54157

immich: One-click account takeover via XSS in login page continue redirect_CVE-2026-53662

Protect Your Attack Surface with RedGem

Security Intelligence
Feed