Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

233 New today

65,160 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

228

Jun 24

Critical

High

Medium

Low

Latest

CVE CVSS 1.7

Jellyfin: Potential MKV attachment filename path traversal to RCE_CVE-2026-49246

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to exploit missing path sanitization during playback. Jellyfin treats the MKV file name tag on MKV attachments as trusted an...

CVE-2026-49246 jellyfin jellyfin < 10.11.10

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.7	CVE-2026-49220	Jellyfin: Potential XSS in user management_CVE-2026-49220 Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged u...	jellyfin	jellyfin < 10.11.9	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-48793	Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path_CVE-2026-48793 Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle ...	jellyfin	jellyfin < 10.11.10	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-12760	Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200_CVE-2026-12760 A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 f...	TP-Link Systems Inc.	Tapo C200 v3	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-13038	CVE-2026-13038_CVE-2026-13038 Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HT...	Google	Chrome 149.0.7827.197	Jun 24, 2026	CVE
HIGH 7.8	CVE-2026-13037	CVE-2026-13037_CVE-2026-13037 Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox v...	Google	Chrome 149.0.7827.197	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-13036	CVE-2026-13036_CVE-2026-13036 Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...	Google	Chrome 149.0.7827.197	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-13035	CVE-2026-13035_CVE-2026-13035 Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious per...	Google	Chrome 149.0.7827.197	Jun 24, 2026	CVE
MEDIUM 4.7	CVE-2026-13034	CVE-2026-13034_CVE-2026-13034 Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer proce...	Google	Chrome 149.0.7827.197	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-13033	CVE-2026-13033_CVE-2026-13033 Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code v...	Google	Chrome 149.0.7827.197	Jun 24, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Jellyfin: Potential MKV attachment filename path traversal to RCE_CVE-2026-49246

Recent Advisories

Jellyfin: Potential XSS in user management_CVE-2026-49220

Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path_CVE-2026-48793

Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200_CVE-2026-12760

CVE-2026-13038_CVE-2026-13038

CVE-2026-13037_CVE-2026-13037

CVE-2026-13036_CVE-2026-13036

CVE-2026-13035_CVE-2026-13035

CVE-2026-13034_CVE-2026-13034

CVE-2026-13033_CVE-2026-13033

Protect Your Attack Surface with RedGem

Security Intelligence
Feed