Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

349 New today

65,663 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 3.4

Joomla Extension – getk2.com – Stored-XSS in K2 extension for Joomla < 2.26_CVE-2026-48940

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page.

CVE-2026-48940 getk2.com K2 extension for Joomla 1.0-2.26

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-12844	List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function_CVE-2026-12844 List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by...	DROLSKY	List::SomeUtils::XS	Jun 25, 2026	CVE
HIGH 7.8	CVE-2026-54917	SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access_CVE-2026-54917 SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceb...	seaweedfs	seaweedfs < 4.30	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2026-50549	Cursor Desktop sandbox escape via symlink and failed path canonicalization_CVE-2026-50549 Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, t...	cursor	cursor < 3.0	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2026-50548	Cursor Desktop sandbox escape via agent-controlled working directory_CVE-2026-50548 Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox g...	cursor	cursor < 3.0	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-4930	DPA Countermeasures weakening on Series 3 devices_CVE-2026-4930 SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryp...	silabs.com	Simplicity SDK	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-28898	CVE-2026-28898_CVE-2026-28898 swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTT...	Apple	swift-nio-http2	Jun 25, 2026	CVE
LOW 2.3	CVE-2026-57522	Bitwarden Server < 2026.5.0 JSON Injection via Webhook Templates_CVE-2026-57522 Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), which substitutes user-co...	bitwarden	server	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-57521	Bitwarden Server < 2026.5.0 Broken Access Control via PreviewInvoiceController_CVE-2026-57521 Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization...	bitwarden	server	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-57520	Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint_CVE-2026-57520 Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission t...	bitwarden	server	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Joomla Extension – getk2.com – Stored-XSS in K2 extension for Joomla < 2.26_CVE-2026-48940

Recent Advisories

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function_CVE-2026-12844

SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access_CVE-2026-54917

Cursor Desktop sandbox escape via symlink and failed path canonicalization_CVE-2026-50549

Cursor Desktop sandbox escape via agent-controlled working directory_CVE-2026-50548

DPA Countermeasures weakening on Series 3 devices_CVE-2026-4930

CVE-2026-28898_CVE-2026-28898

Bitwarden Server < 2026.5.0 JSON Injection via Webhook Templates_CVE-2026-57522

Bitwarden Server < 2026.5.0 Broken Access Control via PreviewInvoiceController_CVE-2026-57521

Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint_CVE-2026-57520

Protect Your Attack Surface with RedGem

Security Intelligence
Feed