Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

156 New today

66,074 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

Critical

High

Medium

Low

Latest

CVE CVSS 5.9

OpenProject: Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements_CVE-2026-44733

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements. A password validation flaw in the change password behavior allo...

CVE-2026-44733 opf openproject < 17.3.2

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-44732	OpenProject: IDOR on OpenProject through /api/v3/documents/{id} via PATCH parameter “project_id” leads to Unauthorized Modification of Resources_CVE-2026-44732 OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used ...	opf	openproject < 17.3.2	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-44731	OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via “invited_user_id” in GET parameter “filters” leads to user names disclosure_CVE-2026-44731 OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks ...	opf	openproject < 17.3.2	Jun 26, 2026	CVE
MEDIUM 5.7	CVE-2026-44696	OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltration_CVE-2026-44696 OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text (markdown) rendering pipeline uses Sani...	opf	openproject < 17.4.0	Jun 26, 2026	CVE
HIGH 8.7	CVE-2026-32833	Cudy LT300 3.0 OS Command Injection via NTP Configuration_CVE-2026-32833 Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execu...	Shenzhen Cudy Technology Co., Ltd.	LT300 3.0	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-29509	Patool < 4.0.5 Path Traversal via safe_extract() Function_CVE-2026-29509 Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Pytho...	wummel	patool	Jun 26, 2026	CVE
HIGH 8.5	CVE-2026-54353	Budibase: Potential SSRF DNS rebinding bypass in outbound fetch validation_CVE-2026-54353 Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist...	Budibase	budibase < 3.39.9	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2026-54352	Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload_CVE-2026-54352 Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a...	Budibase	budibase < 3.39.9	Jun 26, 2026	CVE
HIGH 8.2	CVE-2026-54351	Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override_CVE-2026-54351 Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full ...	Budibase	budibase < 3.39.9	Jun 26, 2026	CVE
CRITICAL 10	CVE-2026-54350	Budibase: Anonymous NoSQL operator injection via published-app query templates_CVE-2026-54350 Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of t...	Budibase	budibase < 3.39.12	Jun 26, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

OpenProject: Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements_CVE-2026-44733

Recent Advisories

OpenProject: IDOR on OpenProject through /api/v3/documents/{id} via PATCH parameter “project_id” leads to Unauthorized Modification of Resources_CVE-2026-44732

OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via “invited_user_id” in GET parameter “filters” leads to user names disclosure_CVE-2026-44731

OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltration_CVE-2026-44696

Cudy LT300 3.0 OS Command Injection via NTP Configuration_CVE-2026-32833

Patool < 4.0.5 Path Traversal via safe_extract() Function_CVE-2026-29509

Budibase: Potential SSRF DNS rebinding bypass in outbound fetch validation_CVE-2026-54353

Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload_CVE-2026-54352

Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override_CVE-2026-54351

Budibase: Anonymous NoSQL operator injection via published-app query templates_CVE-2026-54350

Protect Your Attack Surface with RedGem

Security Intelligence
Feed