Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

234 New today
65,164 Total advisories

Daily Security Trends (Last 14 Days)

Daily counts: Jun 11: 245; Jun 12: 336; Jun 13: 60; Jun 14: 68; Jun 15: 443; Jun 16: 630; Jun 17: 464; Jun 18: 3; Jun 19: 352; Jun 20: 56; Jun 21: 104; Jun 22: 317; Jun 23: 294; Jun 24: 232.
Legend: Critical, High, Medium, Low

Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.6 CVE-2026-53943

Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being ...

TryGhost Ghost >= 4.0.0, < 6.37.0 CVE
CRITICAL 9.8 CVE-2026-49980

Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd ...

rclone rclone >= 1.46.0, < 1.74.3 CVE
HIGH 8.8 CVE-2026-49247

Jellyfin: Potential Authenticated path traversal in /ClientLog/Document

Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization he...

jellyfin jellyfin >= 10.9.0, < 10.11.10 CVE
LOW 1.7 CVE-2026-49246

Jellyfin: Potential MKV attachment filename path traversal to RCE

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leve...

jellyfin jellyfin < 10.11.10 CVE
MEDIUM 5.7 CVE-2026-49220

Jellyfin: Potential XSS in user management

Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged u...

jellyfin jellyfin < 10.11.9 CVE
HIGH 8.8 CVE-2026-48793

Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle ...

jellyfin jellyfin < 10.11.10 CVE
HIGH 7.1 CVE-2026-12760

Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 f...

TP-Link Systems Inc. Tapo C200 v3 CVE
HIGH 8.8 CVE-2026-13038

CVE-2026-13038

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HT...

Google Chrome 149.0.7827.197 CVE
HIGH 7.8 CVE-2026-13037

CVE-2026-13037

Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox v...

Google Chrome 149.0.7827.197 CVE