Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

330 New today
65,663 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
Jun 26
Critical
High
Medium
Low
Latest
CVE CVSS 7.4

Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation_CVE-2026-12992

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-cont...

CVE-2026-12992 Red Hat Red Hat build of Apicurio Registry 3
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.5 CVE-2026-12975

Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos_CVE-2026-12975

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing fea...

Red Hat Red Hat build of Apicurio Registry 3 CVE
HIGH 8.1 CVE-2026-11800

Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion_CVE-2026-11800

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client c...

Red Hat Red Hat build of Keycloak 26.6 26.6.4-2 CVE
MEDIUM 6 CVE-2026-11703

Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption_CVE-2026-11703

Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A c...

wolfSSL wolfSSL 3.15.0 CVE
MEDIUM 6.3 CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status_CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the tar...

wolfSSL wolfSSL 4.6.0 CVE
MEDIUM 5.7 CVE-2026-7532

iPAddress name constraints not enforced when WOLFSSL_IP_ALT_NAME is undefined_CVE-2026-7532

iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allo...

wolfSSL wolfSSL CVE
MEDIUM 5.9 CVE-2026-7511

PKCS7_verify signer confusion allows forged signatures to be accepted_CVE-2026-7511

PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged si...

wolfSSL wolfSSL 3.15.5 CVE
HIGH 8.1 CVE-2026-22879

CVE-2026-22879_CVE-2026-22879

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability

vtk vtk 9.5.2 CVE
HIGH 7.6 CVE-2025-71340

picklescan – Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode_CVE-2025-71340

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Att...

picklescan picklescan CVE
CRITICAL 10 CVE-2025-71338

Flowise – Arbitrary File Write to Remote Code Execution via document-store API_CVE-2025-71338

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to writ...

Flowise Flowise CVE