Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

215 New today
64,653 Total advisories

Daily Security Trends (Last 14 Days)

Daily counts from the chart:
Jun 10: 351
Jun 11: 245
Jun 12: 336
Jun 13: 60
Jun 14: 68
Jun 15: 443
Jun 16: 630
Jun 17: 464
Jun 18: 3
Jun 19: 352
Jun 20: 56
Jun 21: 104
Jun 22: 317
Jun 23: 15
Chart legend (severity): Critical, High, Medium, Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.2 CVE-2026-54298

Astro: XSS via Unescaped Attribute Names in Spread Props

Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and pas...

withastro astro < 6.4.6 CVE
HIGH 7.5 CVE-2026-54293

NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural L...

nltk nltk < 3.10.0-rc1 CVE
MEDIUM 6.5 CVE-2026-54288

Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the reques...

honojs hono < 4.12.25 CVE
HIGH 8.7 CVE-2026-53779

WebP Server Go < 0.15.0 Path Traversal via Backslash Encoding on Windows

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the co...

webp-sh webp_server_go CVE
LOW 3.1 CVE-2026-53663

React Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypass

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on PO...

remix-run react-router >= 7.12.0, < 7.15.1 CVE
HIGH 7.1 CVE-2026-50146

Astro: Reflected XSS via unescaped slot name

Astro is a web framework. Prior to 6.3.3, when a component uses a client:* directive, Astro inserts named slot content into a data-astro-template a...

withastro astro < 6.3.3 CVE
HIGH 8.7 CVE-2026-11834

Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient va...

TP-Link Systems Inc. Archer MR200 v07 CVE
LOW 3.7 CVE-2026-48931

CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This vulnerab...

nodejs node 22.22.3 CVE
HIGH 7.8 CVE-2026-44274

CVE-2026-44274

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privilege...

Dell Wyse Management Suite (WMS) CVE