Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

289 New today

65,553 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

266

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 7.2

HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave_CVE-2026-45233

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized tra...

CVE-2026-45233 danpros htmly

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-13351	net: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming packets_CVE-2026-13351 Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragment...	zephyrproject-rtos	Zephyr *	Jun 25, 2026	CVE
LOW 2.3	CVE-2026-13350	CVE-2026-13350_CVE-2026-13350 Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create.	pretix	Venueless 0.0.0	Jun 25, 2026	CVE
MEDIUM 6	CVE-2026-6291	Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption_CVE-2026-6291 Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned...	wolfSSL	wolfSSL 3.9.10	Jun 25, 2026	CVE
MEDIUM 6.3	CVE-2026-6094	Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData_CVE-2026-6094 Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-su...	wolfSSL	wolfSSL 5.8.0	Jun 25, 2026	CVE
MEDIUM 6	CVE-2026-6091	Partial-chain verification accepts untrusted intermediate as trust anchor_CVE-2026-6091 Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a truste...	wolfSSL	wolfSSL 5.7.4	Jun 25, 2026	CVE
LOW 2	CVE-2026-55967	AES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuse_CVE-2026-55967 AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allo...	wolfSSL	wolfSSL 4.8.0	Jun 25, 2026	CVE
HIGH 8.2	CVE-2026-55961	wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer_CVE-2026-55961 wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos,...	wolfSSL	wolfSSL 3.15.7	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-55700	pnpm: stage download writes outside destination via manifest version traversal_CVE-2026-55700 pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename from registry-controlled package name and versi...	pnpm	pnpm >= 11.3.0, < 11.5.3	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-55699	pnpm: reserved bin name deletes PNPM_HOME during global remove_CVE-2026-55699 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a mal...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave_CVE-2026-45233

Recent Advisories

net: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming packets_CVE-2026-13351

CVE-2026-13350_CVE-2026-13350

Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption_CVE-2026-6291

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData_CVE-2026-6094

Partial-chain verification accepts untrusted intermediate as trust anchor_CVE-2026-6091

AES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuse_CVE-2026-55967

wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer_CVE-2026-55961

pnpm: stage download writes outside destination via manifest version traversal_CVE-2026-55700

pnpm: reserved bin name deletes PNPM_HOME during global remove_CVE-2026-55699

Protect Your Attack Surface with RedGem

Security Intelligence
Feed