Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

251 New today

66,900 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

318

Jun 28

284

Jun 29

196

Jun 30

Critical

High

Medium

Low

Latest

HACKERONE

curl: CURLSHOPT_UNSHARE race can cause UAF in shared SSL session cache during HTTPS transfer_H1:3831345

## Summary `CURLSHOPT_UNSHARE` can free a shared SSL session cache while another thread is starting a normal HTTPS transfer with the same share handle. The failing transfer reaches the cache through `curl_easy_perform()`, during the OpenSSL handshake. libcurl appears to try t...

H1:3831345

Jun 29, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	THN:92496BE41BB...	Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer_THN:92496BE41BBB472864D9FF3429DE96A7 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEid1CxvsX2dPrKoA1VzJ6PUhwrXxvSC4ehRmgyaRRCJlP_MFSeOxvwrT2ODJSbQx3E-7bBwBG4YpP3CQGLz...	N/A	N/A	Jun 30, 2026	THN
CRITICAL 9.8	CVE-2026-9711	EventON – WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter_CVE-2026-9711 The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' paramet...	EventON	EventON (Pro) - WordPress Virtual Event Calendar Plugin	Jun 30, 2026	CVE
HIGH 7.2	CVE-2026-8141	Ajax Load More – Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting via 'taxonomy_include_children' Field_CVE-2026-8141 The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomy_include_children' parameter in all...	Connekt Media	Ajax Load More - Filters	Jun 30, 2026	CVE
MEDIUM 5.1	CVE-2026-6954	Multiple vulnerabilities in Intermark IT’s WebControl CMS_CVE-2026-6954 Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or...	Intermark IT	WebControl CMS	Jun 30, 2026	CVE
MEDIUM 5.1	CVE-2026-6953	Multiple vulnerabilities in Intermark IT’s WebControl CMS_CVE-2026-6953 HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTM...	Intermark IT	WebControl CMS	Jun 30, 2026	CVE
HIGH 7.7	CVE-2026-13149	CVE-2026-13149_CVE-2026-13149 brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of conse...	juliangruber	brace-expansion	Jun 30, 2026	CVE
MEDIUM 6.4	CVE-2026-12610	Sssd: use-after-free crash in sssd’ ‘sssd_pam’ process_CVE-2026-12610 A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memor...	Red Hat	Red Hat Enterprise Linux 10	Jun 30, 2026	CVE
CRITICAL 9.3	CVE-2026-12076	SQL Injection in Raytha CMS_CVE-2026-12076 Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to...	Raytha	Raytha 1.5.2	Jun 30, 2026	CVE
HIGH 7	CVE-2026-10763	CVE-2026-10763_CVE-2026-10763 PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.	Hitachi Energy	PROMOD V 1.0.0	Jun 30, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

curl: CURLSHOPT_UNSHARE race can cause UAF in shared SSL session cache during HTTPS transfer_H1:3831345

Recent Advisories

Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer_THN:92496BE41BBB472864D9FF3429DE96A7

EventON – WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter_CVE-2026-9711

Ajax Load More – Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting via 'taxonomy_include_children' Field_CVE-2026-8141

Multiple vulnerabilities in Intermark IT’s WebControl CMS_CVE-2026-6954

Multiple vulnerabilities in Intermark IT’s WebControl CMS_CVE-2026-6953

CVE-2026-13149_CVE-2026-13149

Sssd: use-after-free crash in sssd’ ‘sssd_pam’ process_CVE-2026-12610

SQL Injection in Raytha CMS_CVE-2026-12076

CVE-2026-10763_CVE-2026-10763

Protect Your Attack Surface with RedGem

Security Intelligence
Feed