Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

196 New today
65,119 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
187
Jun 24
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-49269

CVE-2026-49269_CVE-2026-49269

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU re...

Apple Apple M1 GPU Legacy CVE
LOW 2.1 CVE-2026-54906

concurrent-ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption_CVE-2026-54906

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calli...

ruby-concurrency concurrent-ruby < 1.3.7 CVE
LOW 2 CVE-2026-54905

concurrent-ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity_CVE-2026-54905

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after...

ruby-concurrency concurrent-ruby < 1.3.7 CVE
HIGH 8.2 CVE-2026-54904

concurrent-ruby: `AtomicReference#update` livelocks when the stored value is `Float::NAN`_CVE-2026-54904

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop wh...

ruby-concurrency concurrent-ruby < 1.3.7 CVE
HIGH 7.5 CVE-2026-54297

Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters_CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Farada...

lostisland faraday >= 1.0.0, < 1.10.6 CVE
HIGH 8.8 CVE-2026-13164

Unauthenticated self-registration in MailerUp allows access to stored email data_CVE-2026-13164

Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp

Mailerup Mailerup CVE
HIGH 7.7 CVE-2026-54699

Warp: OS command injection when opening terminal links from WSL_CVE-2026-54699

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injec...

warpdotdev warp >= 0.2024.03.12.08.02.stable_01, < 0.2026.05.13.09.15.stable_01 CVE
MEDIUM 4.3 CVE-2026-54686

Warp: DCS lifecycle hook spoofing can alter terminal session metadata_CVE-2026-54686

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutat...

warpdotdev warp >= 0.2021.04.25.23.05.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 8.7 CVE-2026-49851

Mistune: Potential DoS via quadratic-time parsing in parse_link_text_CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (a...

lepture mistune < 3.3.0 CVE