Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

227 New today

66,926 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

318

Jun 28

284

Jun 29

222

Jun 30

Critical

High

Medium

Low

Latest

CVE CVSS 4.3

CVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report Existence_CVE-2026-58373

CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.get_queryset that allows authenticated attackers to enumerate quality report identifiers belonging to other organizations by exploiting a missing check_object_permissions call on the pa...

CVE-2026-58373 cvat-ai cvat

Jun 30, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-58372	SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys_CVE-2026-58372 SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principal...	seaweedfs	seaweedfs	Jun 30, 2026	CVE
LOW 3.1	CVE-2026-58371	SeaweedFS < 4.30 - Cross-Origin Information Disclosure via Unvalidated JSONP callback Parameter_CVE-2026-58371 SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared w...	seaweedfs	seaweedfs	Jun 30, 2026	CVE
HIGH 8.1	CVE-2026-58370	Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name_CVE-2026-58370 Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is popu...	woodpecker-ci	woodpecker	Jun 30, 2026	CVE
MEDIUM 5.3	CVE-2026-58369	Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of Service_CVE-2026-58369 Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name endpoint without authentication middleware, and the LookupOrg handler uncond...	woodpecker-ci	woodpecker	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-58176	RuoYi-Vue-Plus – Missing Authorization on Workflow Task Management Endpoints_CVE-2026-58176 RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task (FlwTaskController) without ...	dromara	RuoYi-Vue-Plus	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-58174	Hermes WebUI < 0.51.521 - Cross-Profile Authorization Bypass via Unset Session Profile on Import_CVE-2026-58174 Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object withou...	nesquena	hermes-webui	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-58173	Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type_CVE-2026-58173 Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory ...	HKUDS	Vibe-Trading	Jun 30, 2026	CVE
CRITICAL 9.1	CVE-2026-58172	Ocelot – IP Allow/Block List Bypass for WebSocket Upgrade Requests_CVE-2026-58172 Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based ...	ThreeMammals	Ocelot	Jun 30, 2026	CVE
MEDIUM 4.2	CVE-2026-58171	Vibe-Trading < 0.1.10 - Path Traversal via Swarm Run Identifier_CVE-2026-58171 Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without vali...	HKUDS	Vibe-Trading	Jun 30, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

CVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report Existence_CVE-2026-58373

Recent Advisories

SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys_CVE-2026-58372

SeaweedFS < 4.30 - Cross-Origin Information Disclosure via Unvalidated JSONP callback Parameter_CVE-2026-58371

Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name_CVE-2026-58370

Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of Service_CVE-2026-58369

RuoYi-Vue-Plus – Missing Authorization on Workflow Task Management Endpoints_CVE-2026-58176

Hermes WebUI < 0.51.521 - Cross-Profile Authorization Bypass via Unset Session Profile on Import_CVE-2026-58174

Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type_CVE-2026-58173

Ocelot – IP Allow/Block List Bypass for WebSocket Upgrade Requests_CVE-2026-58172

Vibe-Trading < 0.1.10 - Path Traversal via Swarm Run Identifier_CVE-2026-58171

Protect Your Attack Surface with RedGem

Security Intelligence
Feed