Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

308 New today
65,238 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
306
Jun 24
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 10 CVE-2026-52813

Gogs: Path Traversal in organization name results in RCE through Git hooks_CVE-2026-52813

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences (../) are accepted by Gogs,...

gogs gogs < 0.14.3 CVE
HIGH 7.1 CVE-2026-52812

Gogs: LFS dedupe path leaks private repo content across tenants_CVE-2026-52812

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone (///) but per-repo authorization...

gogs gogs < 0.14.3 CVE
CRITICAL 9 CVE-2026-52811

Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym_CVE-2026-52811

Gogs is an open source self-hosted Git service. Prior to 0.14.3, (*Repository).UploadRepoFiles checks for symlinks only on the leaf of the upload t...

gogs gogs < 0.14.3 CVE
HIGH 7.1 CVE-2026-52810

Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusion_CVE-2026-52810

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied servic...

gogs gogs < 0.14.3 CVE
MEDIUM 6.8 CVE-2026-52809

Gogs: Password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES_CVE-2026-52809

Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives (the account...

gogs gogs < 0.14.3 CVE
HIGH 7.1 CVE-2026-52808

Gogs: Write-level collaborators can mutate admin-only repository settings via API_CVE-2026-52808

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v...

gogs gogs < 0.14.3 CVE
HIGH 8.5 CVE-2026-52797

Gogs: Overwriting critical files results in a denial of service_CVE-2026-52797

Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the gi...

gogs gogs < 0.14.0 CVE
MEDIUM 6.7 CVE-2026-49278

Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation_CVE-2026-49278

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...

RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0 CVE
LOW 2.3 CVE-2026-49277

Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation_CVE-2026-49277

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...

RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0 CVE