Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

308 New today
65,238 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
306
Jun 24
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-53947

Ghost: Member existence leak via magic link sign-in response_CVE-2026-53947

Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possib...

TryGhost Ghost >= 5.18.0, < 6.21.1 CVE
MEDIUM 5.4 CVE-2026-53946

Ghost: Mobiledoc image-size fetch SSRF_CVE-2026-53946

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by is...

TryGhost Ghost >= 6.19.4, < 6.21.1 CVE
MEDIUM 4 CVE-2026-53945

Ghost: Server-side request forgery via DNS rebinding in external request handling_CVE-2026-53945

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DN...

TryGhost Ghost >= 6.0.9, < 6.21.1 CVE
MEDIUM 5.8 CVE-2026-53944

Ghost: Private IP filtering bypass to make server-side requests to internal services_CVE-2026-53944

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that...

TryGhost Ghost >= 6.0.9, < 6.21.1 CVE
CRITICAL 9.6 CVE-2026-53943

Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header_CVE-2026-53943

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being ...

TryGhost Ghost >= 4.0.0, < 6.37.0 CVE
CRITICAL 9.8 CVE-2026-49980

Rclone: Unauthenticated command execution in `rclone rcd –rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix_CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd ...

rclone rclone >= 1.46.0, < 1.74.3 CVE
HIGH 8.8 CVE-2026-49247

Jellyfin: Potential Authenticated path traversal in /ClientLog/Document_CVE-2026-49247

Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization he...

jellyfin jellyfin >= 10.9.0, < 10.11.10 CVE
LOW 1.7 CVE-2026-49246

Jellyfin: Potential MKV attachment filename path traversal to RCE_CVE-2026-49246

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leve...

jellyfin jellyfin < 10.11.10 CVE
MEDIUM 5.7 CVE-2026-49220

Jellyfin: Potential XSS in user management_CVE-2026-49220

Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged u...

jellyfin jellyfin < 10.11.9 CVE