Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

353 New today

66,068 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

Critical

High

Medium

Low

Latest

CVE CVSS 9.8

Server side template inject (SSTI) in Edgewall Genshi Template Engine_CVE-2026-0685

Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.

CVE-2026-0685 Edgewall Genshi 0.7.9

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.6	CVE-2025-11919	Unprotected temporary directories in Wolfram Cloud may result in privilege escalation_CVE-2025-11919 The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp...	Wolfram Research Inc.	Cloud 14.2	Jun 26, 2026	CVE
HIGH 8.1	CVE-2026-56876	extract-zip unvalidated symlink path traversal_CVE-2026-56876 extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relati...	max-mapper	extract-zip	Jun 26, 2026	CVE
MEDIUM 6.3	CVE-2026-55448	mise: Local credential_command executes untrusted config_CVE-2026-55448 mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local proj...	jdx	mise < 2026.6.4	Jun 26, 2026	CVE
HIGH 8.6	CVE-2026-55441	mise: Arbitrary command execution via task-include files in an untrusted, config-less repository_CVE-2026-55441 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versio...	jdx	mise < 2026.6.4	Jun 26, 2026	CVE
MEDIUM 5.5	CVE-2026-54557	mise HTTP backend uses raw version path for install symlink destination_CVE-2026-54557 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination fro...	jdx	mise < 2026.6.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-54341	Dragonfly: RESTORE operations may crash the server_CVE-2026-54341 Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds r...	dragonflydb	dragonfly < 1.39.0	Jun 26, 2026	CVE
LOW 2.3	CVE-2026-47206	Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer_CVE-2026-47206 Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis...	dragonflydb	dragonfly < 1.38.9	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2026-33646	mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)_CVE-2026-33646 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template e...	jdx	mise < 2026.3.10	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-48743	Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length_CVE-2026-48743 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can tran...	envoyproxy	envoy >= 1.38.0, < 1.38.1	Jun 26, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Server side template inject (SSTI) in Edgewall Genshi Template Engine_CVE-2026-0685

Recent Advisories

Unprotected temporary directories in Wolfram Cloud may result in privilege escalation_CVE-2025-11919

extract-zip unvalidated symlink path traversal_CVE-2026-56876

mise: Local credential_command executes untrusted config_CVE-2026-55448

mise: Arbitrary command execution via task-include files in an untrusted, config-less repository_CVE-2026-55441

mise HTTP backend uses raw version path for install symlink destination_CVE-2026-54557

Dragonfly: RESTORE operations may crash the server_CVE-2026-54341

Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer_CVE-2026-47206

mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)_CVE-2026-33646

Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length_CVE-2026-48743

Protect Your Attack Surface with RedGem

Security Intelligence
Feed