Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

286 New today

64,930 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

292

Jun 23

Jun 24

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

jackson-databind: Renamed @JsonIgnore’d setters can deserialize via private fields_CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector._renameProperties() allows a property with @JsonProperty("renamed") on the getter and @JsonIgnore on ...

CVE-2026-54516 FasterXML jackson-databind >= 2.21.0, < 2.21.4

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-54515	jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties_CVE-2026-54515 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5...	FasterXML	jackson-databind >= 2.8.0, < 2.18.9	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54514	jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)_CVE-2026-54514 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4...	FasterXML	jackson-databind >= 2.0.0, < 2.18.8	Jun 23, 2026	CVE
HIGH 8.1	CVE-2026-54513	jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)_CVE-2026-54513 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21....	FasterXML	jackson-databind >= 2.10.0, < 2.18.8	Jun 23, 2026	CVE
HIGH 8.1	CVE-2026-54512	jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation_CVE-2026-54512 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21....	FasterXML	jackson-databind >= 2.10.0, < 2.18.8	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-50193	jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()_CVE-2026-50193 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a pot...	FasterXML	jackson-databind >= 2.10.0, < 2.14.0	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-47382	NocoDB: Server-Side Request Forgery via Database Connection Host_CVE-2026-47382 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP socket to the user-sup...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-47380	NocoDB: User Enumeration via Sign-In Timing_CVE-2026-47380 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email add...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-47378	NocoDB: Hidden Column Exposure in Public Shared View Endpoints_CVE-2026-47378 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the vi...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 5.1	CVE-2026-47377	NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin_CVE-2026-47377 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace()...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

jackson-databind: Renamed @JsonIgnore’d setters can deserialize via private fields_CVE-2026-54516

Recent Advisories

jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties_CVE-2026-54515

jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)_CVE-2026-54514

jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)_CVE-2026-54513

jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation_CVE-2026-54512

jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()_CVE-2026-50193

NocoDB: Server-Side Request Forgery via Database Connection Host_CVE-2026-47382

NocoDB: User Enumeration via Sign-In Timing_CVE-2026-47380

NocoDB: Hidden Column Exposure in Public Shared View Endpoints_CVE-2026-47378

NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin_CVE-2026-47377

Protect Your Attack Surface with RedGem

Security Intelligence
Feed