Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

418 New today
67,195 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
53
Jun 27
318
Jun 28
284
Jun 29
427
Jun 30
64
Jul 1
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-58168

DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Users_CVE-2026-58168

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due...

HKUDS DeepTutor CVE
MEDIUM 6.5 CVE-2026-58167

Nightingale < 9.0.0-beta.2 - Datasource Credential Disclosure to Low-Privilege Users_CVE-2026-58167

Nightingale (n9e) before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basi...

ccfos nightingale CVE
CRITICAL 9.1 CVE-2026-58166

OpenBMB ChatDev – Unauthenticated Path Traversal in Upload Handler Allows Arbitrary File Write and Delete_CVE-2026-58166

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to wri...

OpenBMB ChatDev CVE
HIGH 8.8 CVE-2026-58165

OpenZiti – Privilege Escalation to Admin via Unauthorized Enrollment Creation_CVE-2026-58165

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with ...

openziti ziti CVE
HIGH 7.5 CVE-2026-49451

Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing_CVE-2026-49451

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML...

microsoft OpenAPI.NET >= 2.0.0-preview11, < 2.7.5 CVE
MEDIUM 6.5 CVE-2026-10655

Use-after-free race in SNTP async client when closing the socket while the socket service is still polling it_CVE-2026-10655

The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor directly from the calli...

zephyrproject zephyr 4.2.0 CVE
LOW 3.1 CVE-2026-10654

RFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Zephyr Bluetooth Classic_CVE-2026-10654

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional...

zephyrproject zephyr 1.6.0 CVE
MEDIUM 6.4 CVE-2026-10653

Non-atomic `net_buf` reference counts cause double-free / free-list corruption under concurrent unref_CVE-2026-10653

The Zephyr net_buf library (lib/net_buf/buf.c) manipulated both of its reference counts -- the per-header buf->ref and the per-data-block ref_count...

zephyrproject zephyr 2.7.0 CVE
MEDIUM 4.8 CVE-2026-10652

Out-of-bounds read in Zephyr DNS resolver TXT/SRV record parsing (unvalidated `rdlength`)_CVE-2026-10652

Zephyr's DNS resolver (subsys/net/lib/dns) parses resource records from DNS responses in dns_unpack_answer(), which validated only the fixed RR hea...

zephyrproject zephyr 4.3.0 CVE