Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

337 New today

65,687 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 4.8

Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin_CVE-2026-8661

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP r...

CVE-2026-8661 Rapid7 InsightConnect Markdown Plugin

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-13226	Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter_CVE-2026-13226 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter i...	trainingbusinesspros	Groundhogg — CRM, Newsletters, and Marketing Automation	Jun 26, 2026	CVE
HIGH 8.8	921E88F8-3925-	Exploit for CVE-2026-43503_921E88F8-3925-519D-9067-4928D48E9B4D CVE-2026-43503 — DirtyClone Linux local privilege escalation. A cloned skbuff loses the SKBFLSHAREDFRAG flag, so ESP in-place decryption writes int...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
NONE	1BF0634C-CE51-	Binary-Exploitation-and-Reverse-Engineering_1BF0634C-CE51-5BC4-9278-E457B1143B09 Binary Exploitation & Reverse Engineering Lab Hands-on memory-corruption exploitation and reverse engineering. Three escalating exploitation challe...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
NONE	MSSECURE:AA575A...	Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access_MSSECURE:AA575A60004644ACAFBF2293B2100746 In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligen...	N/A	N/A	Jun 25, 2026	MSSECURE
HIGH 7.1	CVE-2026-40941	Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages_CVE-2026-40941 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass all...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-40084	Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter_CVE-2026-40084 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report ...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE
HIGH 7.2	CVE-2026-40083	Cacti: SQL Injection in managers.php_CVE-2026-40083 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+im...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE
MEDIUM 5.4	CVE-2026-40082	Cacti: Session Fixation via missing session_regenerate_id() after login_CVE-2026-40082 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing session_regenerate_id() after login, lea...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE
CRITICAL 9.2	CVE-2026-9222	Setracker2 Children’s Smartwatch Ecosystem Use of password hash instead of password for authentication_CVE-2026-9222 Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend serv...	Shenzhen i365-Tech Co. Ltd.	Setracker2 Parental Control App (Android) package com.tgelec.setracker 3.1.5	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin_CVE-2026-8661

Recent Advisories

Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter_CVE-2026-13226

Exploit for CVE-2026-43503_921E88F8-3925-519D-9067-4928D48E9B4D

Binary-Exploitation-and-Reverse-Engineering_1BF0634C-CE51-5BC4-9278-E457B1143B09

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access_MSSECURE:AA575A60004644ACAFBF2293B2100746

Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages_CVE-2026-40941

Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter_CVE-2026-40084

Cacti: SQL Injection in managers.php_CVE-2026-40083

Cacti: Session Fixation via missing session_regenerate_id() after login_CVE-2026-40082

Setracker2 Children’s Smartwatch Ecosystem Use of password hash instead of password for authentication_CVE-2026-9222

Protect Your Attack Surface with RedGem

Security Intelligence
Feed