Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

314 New today

65,314 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 7.1

Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusion_CVE-2026-52810

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string (so ?service=git-upload-pack is evaluated as read access) while routing still runs git receive-pack, allowing push ...

CVE-2026-52810 gogs gogs < 0.14.3

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.8	CVE-2026-52809	Gogs: Password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES_CVE-2026-52809 Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives (the account...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-52808	Gogs: Write-level collaborators can mutate admin-only repository settings via API_CVE-2026-52808 Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.5	CVE-2026-52797	Gogs: Overwriting critical files results in a denial of service_CVE-2026-52797 Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the gi...	gogs	gogs < 0.14.0	Jun 24, 2026	CVE
MEDIUM 6.7	CVE-2026-49278	Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation_CVE-2026-49278 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
LOW 2.3	CVE-2026-49277	Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation_CVE-2026-49277 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
MEDIUM 4.4	CVE-2026-47733	Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images_CVE-2026-47733 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown...	RocketChat	Rocket.Chat < 8.5.0	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-46423	Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty_CVE-2026-46423 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
LOW 2.3	CVE-2026-45757	Rocket.Chat: users.deactivateIdle` deactivates accounts without revoking existing login tokens_CVE-2026-45757 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
CRITICAL 9.1	CVE-2026-45689	Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO_CVE-2026-45689 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusion_CVE-2026-52810

Recent Advisories

Gogs: Password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES_CVE-2026-52809

Gogs: Write-level collaborators can mutate admin-only repository settings via API_CVE-2026-52808

Gogs: Overwriting critical files results in a denial of service_CVE-2026-52797

Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation_CVE-2026-49278

Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation_CVE-2026-49277

Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images_CVE-2026-47733

Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty_CVE-2026-46423

Rocket.Chat: users.deactivateIdle` deactivates accounts without revoking existing login tokens_CVE-2026-45757

Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO_CVE-2026-45689

Protect Your Attack Surface with RedGem

Security Intelligence
Feed