Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

336 New today

65,686 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 8.2

wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer_CVE-2026-55961

wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now r...

CVE-2026-55961 wolfSSL wolfSSL 3.15.7

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-55700	pnpm: stage download writes outside destination via manifest version traversal_CVE-2026-55700 pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename from registry-controlled package name and versi...	pnpm	pnpm >= 11.3.0, < 11.5.3	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-55699	pnpm: reserved bin name deletes PNPM_HOME during global remove_CVE-2026-55699 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a mal...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
HIGH 8.8	CVE-2026-55698	pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes_CVE-2026-55698 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-55697	pnpm: Repository-controlled configDependencies can select a pacquet native install engine_CVE-2026-55697 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-55487	pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle_CVE-2026-55487 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball,...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-55180	pnpm: Repository config can expand victim environment secrets into registry requests before scripts run_CVE-2026-55180 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnp...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-54679	jq: potential integer overflow in jvp_string_append_CVE-2026-54679 jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causi...	jqlang	jq < 1.8.2	Jun 25, 2026	CVE
MEDIUM 6.8	CVE-2026-50573	pnpm: Unsafe default behavior breaks integrity check_CVE-2026-50573 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept new remote package content after detecting tha...	pnpm	pnpm < 10.33.4	Jun 25, 2026	CVE
MEDIUM 6.8	CVE-2026-50021	pnpm: Integrity Check Bypass via Missing Lockfile Integrity Field_CVE-2026-50021 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is a...	pnpm	pnpm < 10.34.0	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer_CVE-2026-55961

Recent Advisories

pnpm: stage download writes outside destination via manifest version traversal_CVE-2026-55700

pnpm: reserved bin name deletes PNPM_HOME during global remove_CVE-2026-55699

pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes_CVE-2026-55698

pnpm: Repository-controlled configDependencies can select a pacquet native install engine_CVE-2026-55697

pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle_CVE-2026-55487

pnpm: Repository config can expand victim environment secrets into registry requests before scripts run_CVE-2026-55180

jq: potential integer overflow in jvp_string_append_CVE-2026-54679

pnpm: Unsafe default behavior breaks integrity check_CVE-2026-50573

pnpm: Integrity Check Bypass via Missing Lockfile Integrity Field_CVE-2026-50021

Protect Your Attack Surface with RedGem

Security Intelligence
Feed