Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

161 New today

65,709 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 5.4

Cacti: Session Fixation via missing session_regenerate_id() after login_CVE-2026-40082

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing session_regenerate_id() after login, leading to Session Fixation. session_regenerate_id() is NOT called after successful login. The login flow at auth_login.php:203-207 d...

CVE-2026-40082 Cacti cacti < 1.2.31

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.2	CVE-2026-9222	Setracker2 Children’s Smartwatch Ecosystem Use of password hash instead of password for authentication_CVE-2026-9222 Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend serv...	Shenzhen i365-Tech Co. Ltd.	Setracker2 Parental Control App (Android) package com.tgelec.setracker 3.1.5	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-9221	Setracker2 Children’s Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm_CVE-2026-9221 The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating ...	Shenzhen i365-Tech Co. Ltd.	Setracker2 Parental Control App (Android) package com.tgelec.setracker	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-9220	Setracker2 Children’s Smartwatch Ecosystem Use of hard-coded cryptographic key_CVE-2026-9220 Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hard...	Shenzhen i365-Tech Co. Ltd.	Setracker2 Parental Control App (Android) package com.tgelec.setracker 3.1.5	Jun 25, 2026	CVE
HIGH 8.3	CVE-2026-9219	Setracker2 Children’s Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers_CVE-2026-9219 Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment...	Shenzhen i365-Tech Co. Ltd.	Setracker2 Parental Control App (Android) package com.tgelec.setracker	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-43920	FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution_CVE-2026-43920 FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in ...	FOSSBilling	FOSSBilling >= 0.5.4, < 0.8.0	Jun 25, 2026	CVE
MEDIUM 6.4	CVE-2026-13318	Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip_CVE-2026-13318 A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a Virtua...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 25, 2026	CVE
MEDIUM 4.2	CVE-2026-13218	Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher_CVE-2026-13218 A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.W...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-13083	Pen-drive: pen-drive: stored xss via unescaped cluster data in html report_CVE-2026-13083 A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An ...	Red Hat	Pen Drive Powered by Red Hat Lightspeed	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-12993	Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset_CVE-2026-12993 A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE dec...	Red Hat	Red Hat build of Apicurio Registry 3	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Cacti: Session Fixation via missing session_regenerate_id() after login_CVE-2026-40082

Recent Advisories

Setracker2 Children’s Smartwatch Ecosystem Use of password hash instead of password for authentication_CVE-2026-9222

Setracker2 Children’s Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm_CVE-2026-9221

Setracker2 Children’s Smartwatch Ecosystem Use of hard-coded cryptographic key_CVE-2026-9220

Setracker2 Children’s Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers_CVE-2026-9219

FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution_CVE-2026-43920

Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip_CVE-2026-13318

Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher_CVE-2026-13218

Pen-drive: pen-drive: stored xss via unescaped cluster data in html report_CVE-2026-13083

Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset_CVE-2026-12993

Protect Your Attack Surface with RedGem

Security Intelligence
Feed