Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

334 New today
67,038 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
53
Jun 27
318
Jun 28
284
Jun 29
334
Jun 30
Jul 1
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-58375

JimuReport 2.5.0 – Unauthenticated Report Export via /jmreport/auto/export_CVE-2026-58375

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so ...

jeecgboot jimureport CVE
MEDIUM 4.3 CVE-2026-58373

CVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report Existence_CVE-2026-58373

CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.get_queryset that allows authenticated attackers to enu...

cvat-ai cvat CVE
HIGH 8.1 CVE-2026-58372

SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys_CVE-2026-58372

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principal...

seaweedfs seaweedfs CVE
LOW 3.1 CVE-2026-58371

SeaweedFS < 4.30 - Cross-Origin Information Disclosure via Unvalidated JSONP callback Parameter_CVE-2026-58371

SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared w...

seaweedfs seaweedfs CVE
HIGH 8.1 CVE-2026-58370

Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name_CVE-2026-58370

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is popu...

woodpecker-ci woodpecker CVE
MEDIUM 5.3 CVE-2026-58369

Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of Service_CVE-2026-58369

Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name endpoint without authentication middleware, and the LookupOrg handler uncond...

woodpecker-ci woodpecker CVE
MEDIUM 6.5 CVE-2026-58176

RuoYi-Vue-Plus – Missing Authorization on Workflow Task Management Endpoints_CVE-2026-58176

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task (FlwTaskController) without ...

dromara RuoYi-Vue-Plus CVE
MEDIUM 6.5 CVE-2026-58174

Hermes WebUI < 0.51.521 - Cross-Profile Authorization Bypass via Unset Session Profile on Import_CVE-2026-58174

Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object withou...

nesquena hermes-webui CVE
MEDIUM 6.5 CVE-2026-58173

Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type_CVE-2026-58173

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory ...

HKUDS Vibe-Trading CVE