Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

264 New today
64,888 Total advisories

Daily Security Trends (Last 14 Days)

Jun 10: 351
Jun 11: 245
Jun 12: 336
Jun 13: 60
Jun 14: 68
Jun 15: 443
Jun 16: 630
Jun 17: 464
Jun 18: 3
Jun 19: 352
Jun 20: 56
Jun 21: 104
Jun 22: 317
Jun 23: 250

Chart legend: Critical, High, Medium, Low

Recent Advisories

Severity: LOW 2.9
ID: CVE-2026-57062
Title: CVE-2026-57062
Vendor: GnuPG
Product: GnuPG
Type: CVE
Description: CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to...

Severity: MEDIUM 4
ID: CVE-2026-57053
Title: CVE-2026-57053
Vendor: GNU
Product: libidn
Type: CVE
Description: GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_inte...

Severity: MEDIUM 4.3
ID: CVE-2026-55517
Title: Deno: Denial of service via non-ASCII bytes in WebSocket response headers
Vendor: denoland
Product: deno < 2.7.5
Type: CVE
Description: Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens a client WebSocket connection could be crashed...

Severity: MEDIUM 6
ID: CVE-2026-54316
Title: Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
Vendor: anthropics
Product: claude-code >= 0.2.54, < 2.1.163
Type: CVE
Description: Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the ...

Severity: CRITICAL 9.3
ID: CVE-2026-54257
Title: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow
Vendor: electron
Product: electron >= 42.3.1, < 42.3.3
Type: CVE
Description: Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs i...

Severity: MEDIUM 5.3
ID: CVE-2026-54022
Title: Open WebUI: Any authenticated user can read other users’ private notes via Socket.IO
Vendor: open-webui
Product: open-webui < 0.8.11
Type: CVE
Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.I...

Severity: MEDIUM 6.3
ID: CVE-2026-54021
Title: Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter
Vendor: open-webui
Product: open-webui < 0.9.6
Type: CVE
Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed ...

Severity: MEDIUM 6.5
ID: CVE-2026-54019
Title: Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode
Vendor: open-webui
Product: open-webui < 0.9.6
Type: CVE
Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-leve...

Severity: HIGH 7.7
ID: CVE-2026-54018
Title: Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects
Vendor: open-webui
Product: open-webui < 0.9.6
Type: CVE
Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader impl...