Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

155 New today

66,777 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

318

Jun 28

284

Jun 29

Jun 30

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

PhotoPrism – Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint_CVE-2026-57945

PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier ...

CVE-2026-57945 photoprism photoprism

Jun 29, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-57943	LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint_CVE-2026-57943 LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users...	LibrePhotos	librephotos	Jun 29, 2026	CVE
MEDIUM 6.9	CVE-2026-57942	LibreTranslate – IP Spoofing via X-Forwarded-For Header_CVE-2026-57942 LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the get_remote_address() function that allows unaut...	LibreTranslate	LibreTranslate	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-56783	Parseable < 2.9.2 - Cleartext Credential Exposure in Notification Target API_CVE-2026-56783 Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and ba...	parseablehq	parseable	Jun 29, 2026	CVE
CRITICAL 9.3	CVE-2026-56782	Gorse – Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints_CVE-2026-56782 Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attacke...	gorse-io	gorse	Jun 29, 2026	CVE
MEDIUM 6.9	CVE-2026-56781	Teable – Unauthenticated Hidden Field Disclosure via Projection Parameter Override_CVE-2026-56781 Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field da...	teableio	teable	Jun 29, 2026	CVE
HIGH 7.7	CVE-2026-56780	Modoboa < 2.9.0 - Insecure Direct Object Reference in Account Password Change API_CVE-2026-56780 Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/{pk}/password/ endpoint that allows dom...	modoboa	modoboa	Jun 29, 2026	CVE
HIGH 7.7	CVE-2026-56285	Nitter – Server-Side Request Forgery in /video Media Proxy Endpoint_CVE-2026-56285 Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauth...	zedeus	nitter	Jun 29, 2026	CVE
MEDIUM 6.9	CVE-2026-13592	liftoff-sr CIPster EtherNet IP Message append out-of-bounds write_CVE-2026-13592 A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter...	liftoff-sr	CIPster e8e9dba09bf56962807d3504b783ccdb6287f3e4	Jun 29, 2026	CVE
CRITICAL 9.3	CVE-2026-11720	Path Traversal in googleapis/mcp-toolbox HTTP Tool URL Builder_CVE-2026-11720 A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL b...	Google	MCP Toolbox for Databases (googleapis/mcp-toolbox)	Jun 29, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

PhotoPrism – Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint_CVE-2026-57945

Recent Advisories

LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint_CVE-2026-57943

LibreTranslate – IP Spoofing via X-Forwarded-For Header_CVE-2026-57942

Parseable < 2.9.2 - Cleartext Credential Exposure in Notification Target API_CVE-2026-56783

Gorse – Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints_CVE-2026-56782

Teable – Unauthenticated Hidden Field Disclosure via Projection Parameter Override_CVE-2026-56781

Modoboa < 2.9.0 - Insecure Direct Object Reference in Account Password Change API_CVE-2026-56780

Nitter – Server-Side Request Forgery in /video Media Proxy Endpoint_CVE-2026-56285

liftoff-sr CIPster EtherNet IP Message append out-of-bounds write_CVE-2026-13592

Path Traversal in googleapis/mcp-toolbox HTTP Tool URL Builder_CVE-2026-11720

Protect Your Attack Surface with RedGem

Security Intelligence
Feed