Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

399 New today
67,173 Total advisories

Daily Security Trends (Last 14 Days)

Daily counts: Jun 18: 3; Jun 19: 352; Jun 20: 56; Jun 21: 104; Jun 22: 317; Jun 23: 294; Jun 24: 355; Jun 25: 376; Jun 26: 386; Jun 27: 53; Jun 28: 318; Jun 29: 284; Jun 30: 427; Jul 1: 42
Severity legend: Critical, High, Medium, Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-54902

Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in...

ohler55 oj < 3.17.2 CVE
MEDIUM 6.3 CVE-2026-54901

Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not m...

ohler55 oj < 3.17.2 CVE
CRITICAL 9.4 CVE-2026-53488

containerd CRI plugin: image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from ...

containerd containerd < 1.7.33 CVE
LOW 3.3 CVE-2026-41579

runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5...

opencontainers runc < 1.3.6 CVE
MEDIUM 4.3 CVE-2026-58450

Invoice Ninja 5.13.26 – Open Redirect in Client Portal Login via intended Parameter

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect ...

invoiceninja invoiceninja CVE
CRITICAL 9.8 CVE-2026-58449

txtai – Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolv...

neuml txtai CVE
MEDIUM 6.5 CVE-2026-58448

yudao-cloud < 2026.06 - BPM Module Broken Access Control via process-instance API

yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary ...

YunaiV yudao-cloud CVE
MEDIUM 6.5 CVE-2026-58447

Invidious – Cross-User Playlist Video Deletion via Missing Ownership Check

Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attac...

iv-org Invidious CVE
MEDIUM 6.5 CVE-2026-58446

Presenton < 0.8.8-beta - Authentication Bypass of Session Auth via Unprotected MCP Endpoint

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTH_USERNAME/AUTH_PAS...

presenton presenton CVE