Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

307 New today
65,584 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
297
Jun 25
Critical
High
Medium
Low
Latest
CVE CVSS 6.5

LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits_CVE-2026-54024

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 (commit bb58a2d0) added limits: { fileSize } to createMulterInstance() in the file upload routes. However, the POST /api/convos/import endpoint uses a sep...

CVE-2026-54024 danny-avila LibreChat < 0.8.4-rc1
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.2 CVE-2026-45233

HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave_CVE-2026-45233

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by s...

danpros htmly CVE
HIGH 7.5 CVE-2026-13351

net: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming packets_CVE-2026-13351

Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragment...

zephyrproject-rtos Zephyr * CVE
LOW 2.3 CVE-2026-13350

CVE-2026-13350_CVE-2026-13350

Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create.

pretix Venueless 0.0.0 CVE
MEDIUM 6 CVE-2026-6291

Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption_CVE-2026-6291

Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned...

wolfSSL wolfSSL 3.9.10 CVE
MEDIUM 6.3 CVE-2026-6094

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData_CVE-2026-6094

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-su...

wolfSSL wolfSSL 5.8.0 CVE
MEDIUM 6 CVE-2026-6091

Partial-chain verification accepts untrusted intermediate as trust anchor_CVE-2026-6091

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a truste...

wolfSSL wolfSSL 5.7.4 CVE
LOW 2 CVE-2026-55967

AES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuse_CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allo...

wolfSSL wolfSSL 4.8.0 CVE
HIGH 8.2 CVE-2026-55961

wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer_CVE-2026-55961

wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos,...

wolfSSL wolfSSL 3.15.7 CVE
HIGH 7.1 CVE-2026-55700

pnpm: stage download writes outside destination via manifest version traversal_CVE-2026-55700

pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename from registry-controlled package name and versi...

pnpm pnpm >= 11.3.0, < 11.5.3 CVE