Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

298 New today
64,641 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
3
Jun 23
Critical
High
Medium
Low
Latest
CVE CVSS 5.4

Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type_CVE-2026-41479

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-contro...

CVE-2026-41479 authlib authlib < 1.6.10
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-39904

Gophish 0.12.1 Denial of Service via Office Document Upload_CVE-2026-39904

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by up...

gophish gophish CVE
MEDIUM 5.3 CVE-2026-56698

Nuxt – Cross-Site Scripting via navigateTo open Option_CVE-2026-56698

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side scr...

Nuxt Nuxt 4.0.0 CVE
MEDIUM 5.3 CVE-2026-56697

Nuxt – Open Redirect via Protocol-Relative Paths in reloadNuxtApp_CVE-2026-56697

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass ...

Nuxt Nuxt 4.0.0 CVE
MEDIUM 6.3 CVE-2026-56357

n8n – Webhook Forgery via Missing HMAC-SHA256 Signature Verification in GitHub Webhook Trigger_CVE-2026-56357

n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signa...

n8n n8n CVE
MEDIUM 5.3 CVE-2026-56348

n8n – Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint_CVE-2026-56348

n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authentic...

n8n n8n CVE
MEDIUM 5.3 CVE-2026-56326

Nuxt – Server-Side Open Redirect via Path-Normalization Bypass in navigateTo_CVE-2026-56326

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly valid...

Nuxt Nuxt 4.0.0 CVE
HIGH 8.8 CVE-2026-56324

Capgo – Rate Limit Bypass via User-Controlled device_id Parameter_CVE-2026-56324

Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by ...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56323

Capgo – Unauthenticated Channel Enumeration and App Oracle via GET /channel_self_CVE-2026-56323

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that allows unauthenticated attac...

Capgo Capgo CVE
MEDIUM 6.9 CVE-2026-56321

Capgo – Missing Authentication Middleware on GET /private/role_bindings Endpoint_CVE-2026-56321

Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication middleware to the GET /private/role_bindings/:org_...

Capgo Capgo CVE