Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

358 New today

66,066 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

Critical

High

Medium

Low

Latest

CVE CVSS 9.6

OpenProject: Cache store poisoning leads to Remote Code Execution (RCE)_CVE-2026-52780

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed in 17.3.3 and 17.4.1.

CVE-2026-52780 opf openproject < 17.3.3

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.4	CVE-2026-52779	OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects_CVE-2026-52779 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusi...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-47193	OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks_CVE-2026-47193 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historica...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-55838	RustFS: Missing admin authorization on /rustfs/admin/v3/metrics allows any authenticated user to read server metrics_CVE-2026-55838 RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metric...	rustfs	rustfs <= 1.0.0-beta.7	Jun 26, 2026	CVE
HIGH 7.7	CVE-2026-55189	RustFS: FTP frontend skips IAM authorization on object reads_CVE-2026-55189 RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read ...	rustfs	rustfs >= 1.0.0-alpha.1, <= 1.0.0-beta.8	Jun 26, 2026	CVE
HIGH 8.2	CVE-2026-55188	RustFS: ListRemoteTargetHandler authorization bypass leaks replication target credentials_CVE-2026-55188 RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the ...	rustfs	rustfs >= 1.0.0-alpha.1, <= 1.0.0-beta.8	Jun 26, 2026	CVE
HIGH 8.6	CVE-2026-49991	RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection_CVE-2026-49991 RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucke...	rustfs	rustfs 1.0.0-beta.4	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-49355	OpenProject: Private work package data disclosure through single meeting agenda item API_CVE-2026-49355 OpenProject is open-source, web-based project management software. Prior to 17.4.0, `GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id`...	opf	openproject < 17.4.0	Jun 26, 2026	CVE
CRITICAL 9.9	CVE-2026-46386	OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`_CVE-2026-46386 OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KE...	opf	openproject >= 8.3.0, < 17.2.4	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-44736	OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects_CVE-2026-44736 OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated use...	opf	openproject < 17.4.0	Jun 26, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

OpenProject: Cache store poisoning leads to Remote Code Execution (RCE)_CVE-2026-52780

Recent Advisories

OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects_CVE-2026-52779

OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks_CVE-2026-47193

RustFS: Missing admin authorization on /rustfs/admin/v3/metrics allows any authenticated user to read server metrics_CVE-2026-55838

RustFS: FTP frontend skips IAM authorization on object reads_CVE-2026-55189

RustFS: ListRemoteTargetHandler authorization bypass leaks replication target credentials_CVE-2026-55188

RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection_CVE-2026-49991

OpenProject: Private work package data disclosure through single meeting agenda item API_CVE-2026-49355

OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`_CVE-2026-46386

OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects_CVE-2026-44736

Protect Your Attack Surface with RedGem

Security Intelligence
Feed