Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

268 New today
64,888 Total advisories

Daily Security Trends (Last 14 Days)

Jun 10: 351
Jun 11: 245
Jun 12: 336
Jun 13: 60
Jun 14: 68
Jun 15: 443
Jun 16: 630
Jun 17: 464
Jun 18: 3
Jun 19: 352
Jun 20: 56
Jun 21: 104
Jun 22: 317
Jun 23: 250

Chart legend: Critical, High, Medium, Low

Recent Advisories

CVE-2026-54319 (MEDIUM 4.2)
Title: Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume refere...
Vendor: daytonaio | Product: daytona < 0.186 | Type: CVE

CVE-2026-53755 (HIGH 8.6)
Title: Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the craw...
Vendor: unclecode | Product: crawl4ai < 0.8.9 | Type: CVE

CVE-2026-53754 (HIGH 7.5)
Title: Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / vali...
Vendor: unclecode | Product: crawl4ai < 0.8.8 | Type: CVE

CVE-2026-53753 (CRITICAL 9.8)
Title: Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain – Pre-Auth RCE in Docker API
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature ...
Vendor: unclecode | Product: crawl4ai < 0.8.7 | Type: CVE

CVE-2026-54762 (MEDIUM 5.9)
Title: Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes I...
Vendor: traefik | Product: traefik >= 3.7.0-ea.1, < 3.7.5 | Type: CVE

CVE-2026-54761 (MEDIUM 6)
Title: Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gatew...
Vendor: traefik | Product: traefik < 3.6.21 | Type: CVE

CVE-2026-54555 (HIGH 7.8)
Title: rtk: Permission-gate bypass in rtk rewrite auto-allow via unsplit shell separators
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively spli...
Vendor: rtk-ai | Product: rtk < 0.42.2 | Type: CVE

CVE-2026-54328 (HIGH 7.3)
Title: Pi: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictabl...
Vendor: earendil-works | Product: pi >= 0.74.0, < 0.78.1 | Type: CVE

CVE-2026-54327 (LOW 2.2)
Title: Pi: Race condition in auth.json writes could expose stored credentials
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the f...
Vendor: earendil-works | Product: pi >= 0.74.0, < 0.78.1 | Type: CVE