Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

233 New today
64,548 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
227
Jun 22
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.1 CVE-2026-4110

Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_auctions_bids_list_CVE-2026-4110

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page,...

Unknown ultimate-woocommerce-auction-pro CVE
MEDIUM 5.3 CVE-2026-10530

Pie Register < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token_CVE-2026-10530

The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowin...

Unknown Pie Register CVE
HIGH 8.1 CVE-2025-66336

Apache Doris MCP Server: SQL injection leading the authentication bypass_CVE-2025-66336

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated i...

Apache Software Foundation Apache Doris MCP Server 0.1.0 CVE
MEDIUM 5.4 CVE-2025-62198

Apache Atlas: Stored XSS in Create Entity page_CVE-2025-62198

An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2....

Apache Software Foundation Apache Atlas CVE
HIGH 7.5 CVE-2025-66389

CVE-2025-66389_CVE-2025-66389

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_web...

n/a n/a n/a CVE
HIGH 7.3 CVE-2026-10845

IBM WebSphere Application Server is affected by an authentication bypass vulnerability_CVE-2026-10845

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applicat...

IBM WebSphere Application Server 8.5.0 CVE
HIGH 7 CVE-2026-56109

ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c_CVE-2026-56109

The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows ...

alsa-project alsa-lib CVE
MEDIUM 6.9 CVE-2026-55602

http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass_CVE-2026-55602

http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-ta...

chimurai http-proxy-middleware >= 4.0.0, < 4.1.0 CVE
HIGH 8.1 CVE-2026-55388

piscina: Prototype Pollution Gadget → RCE via inherited options.filename_CVE-2026-55388

piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename opt...

piscinajs piscina < 4.9.3 CVE