Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

318 New today
67,218 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

[Chart: daily counts for Jun 18 through Jul 1, broken down by severity (Critical, High, Medium, Low)]

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-56318

Capgo – Information Disclosure via /private/validate_password_compliance Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validate_password_compliance endpoint that returns different...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56300

Capgo – Unauthenticated API Key Validity and Permission Oracle via RPC Functions

Capgo before 12.128.2 contains unauthenticated security definer RPC functions get_user_id and get_org_perm_for_apikey that expose API key validity ...

Capgo Capgo CVE
HIGH 7 CVE-2026-56286

Capgo – Account Deletion Without Password Confirmation

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-aut...

Capgo Capgo CVE
CRITICAL 9.3 CVE-2026-56278

Flowise – Session Hijacking via Weak Default Express Session Secret

Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware whe...

Flowise Flowise CVE
MEDIUM 6.9 CVE-2026-56277

Flowise – Hardcoded CORS Wildcard in TTS Endpoint

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard (*) on its text-to-speech (TTS) generation endpoint (packages/server/...

Flowise Flowise CVE
CRITICAL 9.2 CVE-2026-56264

Crawl4AI – Arbitrary JavaScript Execution via /execute_js Endpoint

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which accepts and e...

Crawl4AI Crawl4AI 0.8.7 CVE
HIGH 7.2 CVE-2026-56249

Capgo – Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite ...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56247

Capgo – Privilege Escalation via Cross-Scope RBAC Role Assignment

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pend...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56233

Capgo – SSRF and Privilege Escalation via Path Traversal in Builder Upload Proxy

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to...

Capgo Capgo CVE