Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

227 New today

66,926 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

318

Jun 28

284

Jun 29

222

Jun 30

Critical

High

Medium

Low

Latest

CVE CVSS 7

Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook_CVE-2026-44949

A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webho...

CVE-2026-44949 SUSE Rancher 0.7.0

Jun 30, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-44947	Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher_CVE-2026-44947 A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 a...	SUSE	Rancher 2.13.0	Jun 30, 2026	CVE
HIGH 8.8	CVE-2026-27957	Coolify: Authenticated RCE via command injection in CA certificate management feature_CVE-2026-27957 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated comma...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 4.3	CVE-2026-27956	Coolify: Cross-team application domain enumeration via domains_by_server endpoint_CVE-2026-27956 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/servers/{...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 6.6	CVE-2026-27955	Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()`_CVE-2026-27955 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker() ...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 5	CVE-2026-27883	Coolify: IDOR in Deployment API – Cross-Team Deployment Information Disclosure_CVE-2026-27883 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the `GET /api/v1/deplo...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 4.8	CVE-2026-27882	Coolify: Timing Attack in GitLab Webhook Token Validation_CVE-2026-27882 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook end...	coollabsio	coolify < 4.0.0-beta.461	Jun 30, 2026	CVE
MEDIUM 5	CVE-2026-27881	Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)_CVE-2026-27881 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/deploymen...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
CRITICAL 9.3	CVE-2026-48315	ColdFusion \| Improper Input Validation (CWE-20)_CVE-2026-48315 ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code exec...	Adobe	ColdFusion	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-48314	ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)_CVE-2026-48314 ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v...	Adobe	ColdFusion	Jun 30, 2026	CVE

Security Intelligence
Feed

Daily Security Trends (Last 14 Days)

Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook_CVE-2026-44949

Recent Advisories

Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher_CVE-2026-44947

Coolify: Authenticated RCE via command injection in CA certificate management feature_CVE-2026-27957

Coolify: Cross-team application domain enumeration via domains_by_server endpoint_CVE-2026-27956

Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()`_CVE-2026-27955

Coolify: IDOR in Deployment API – Cross-Team Deployment Information Disclosure_CVE-2026-27883

Coolify: Timing Attack in GitLab Webhook Token Validation_CVE-2026-27882

Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)_CVE-2026-27881

ColdFusion | Improper Input Validation (CWE-20)_CVE-2026-48315

ColdFusion | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)_CVE-2026-48314

Protect Your Attack Surface with RedGem

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook_CVE-2026-44949

Recent Advisories

Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher_CVE-2026-44947

Coolify: Authenticated RCE via command injection in CA certificate management feature_CVE-2026-27957

Coolify: Cross-team application domain enumeration via domains_by_server endpoint_CVE-2026-27956

Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()`_CVE-2026-27955

Coolify: IDOR in Deployment API – Cross-Team Deployment Information Disclosure_CVE-2026-27883

Coolify: Timing Attack in GitLab Webhook Token Validation_CVE-2026-27882

Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)_CVE-2026-27881

ColdFusion | Improper Input Validation (CWE-20)_CVE-2026-48315

ColdFusion | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)_CVE-2026-48314

Protect Your Attack Surface with RedGem

Security Intelligence
Feed