Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

318 New today
67,218 Total advisories

Daily Security Trends (Last 14 Days)

[Chart legend: Critical, High, Medium, Low]

Jun 18: 3
Jun 19: 352
Jun 20: 56
Jun 21: 104
Jun 22: 317
Jun 23: 294
Jun 24: 355
Jun 25: 376
Jun 26: 386
Jun 27: 53
Jun 28: 318
Jun 29: 284
Jun 30: 427
Jul 1: 87

Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-58449

txtai – Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolv...

neuml txtai CVE
MEDIUM 6.5 CVE-2026-58448

yudao-cloud < 2026.06 - BPM Module Broken Access Control via process-instance API

yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary ...

YunaiV yudao-cloud CVE
MEDIUM 6.5 CVE-2026-58447

Invidious – Cross-User Playlist Video Deletion via Missing Ownership Check

Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attac...

iv-org Invidious CVE
MEDIUM 6.5 CVE-2026-58446

Presenton < 0.8.8-beta - Authentication Bypass of Session Auth via Unprotected MCP Endpoint

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTH_USERNAME/AUTH_PAS...

presenton presenton CVE
HIGH 8.8 CVE-2026-52868

OFFIS DCMTK Toolkit Path Traversal

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deploymen...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 8.7 CVE-2026-50254

OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-p...

OFFIS DICOM DCMTK Toolkit CVE
CRITICAL 9.3 CVE-2026-50003

OFFIS DCMTK Toolkit Path Traversal

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, ...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 8.7 CVE-2026-35505

OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows u...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 7.4 CVE-2026-11541

IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling

IBM WebSphere Application Server 9.0 and 8.5, and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6, are affected by an HTTP requ...

IBM WebSphere Application Server 9.0 CVE