Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

234 New today

65,696 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 8.7

Setracker2 Children’s Smartwatch Ecosystem Use of hard-coded cryptographic key_CVE-2026-9220

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic.

CVE-2026-9220 Shenzhen i365-Tech Co. Ltd. Setracker2 Parental Control App (Android) package com.tgelec.setracker 3.1.5

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.3	CVE-2026-9219	Setracker2 Children’s Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers_CVE-2026-9219 Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment...	Shenzhen i365-Tech Co. Ltd.	Setracker2 Parental Control App (Android) package com.tgelec.setracker	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-43920	FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution_CVE-2026-43920 FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in ...	FOSSBilling	FOSSBilling >= 0.5.4, < 0.8.0	Jun 25, 2026	CVE
MEDIUM 6.4	CVE-2026-13318	Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip_CVE-2026-13318 A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a Virtua...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 25, 2026	CVE
MEDIUM 4.2	CVE-2026-13218	Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher_CVE-2026-13218 A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.W...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-13083	Pen-drive: pen-drive: stored xss via unescaped cluster data in html report_CVE-2026-13083 A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An ...	Red Hat	Pen Drive Powered by Red Hat Lightspeed	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-12993	Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset_CVE-2026-12993 A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE dec...	Red Hat	Red Hat build of Apicurio Registry 3	Jun 25, 2026	CVE
LOW 3.8	CVE-2026-13322	Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service_CVE-2026-13322 A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buff...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 26, 2026	CVE
NONE	E07672B6-E349-	netproto_toolkit_E07672B6-E349-5FE5-953E-0A86375F7597 netprototoolkit Network protocol security research toolkit in Python, covering the full workflow from traffic capture through protocol fuzzing to e...	N/A	N/A	Jun 25, 2026	GITHUBEXPLOIT
NONE	MSSECURE:A4C90F...	StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them_MSSECURE:A4C90F6D8F83B1BF96EC12CDFC5FC84E In this article 1. The role of infostealers: From credential theft to intrusion 2. StealC: Infostealer for rent 3. Amadey: Malware-as-a-serv...	N/A	N/A	Jun 24, 2026	MSSECURE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Setracker2 Children’s Smartwatch Ecosystem Use of hard-coded cryptographic key_CVE-2026-9220

Recent Advisories

Setracker2 Children’s Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers_CVE-2026-9219

FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution_CVE-2026-43920

Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip_CVE-2026-13318

Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher_CVE-2026-13218

Pen-drive: pen-drive: stored xss via unescaped cluster data in html report_CVE-2026-13083

Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset_CVE-2026-12993

Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service_CVE-2026-13322

netproto_toolkit_E07672B6-E349-5FE5-953E-0A86375F7597

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them_MSSECURE:A4C90F6D8F83B1BF96EC12CDFC5FC84E

Protect Your Attack Surface with RedGem

Security Intelligence
Feed