Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

356 New today
66,052 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
3
Jun 27
Critical
High
Medium
Low
Latest
CVE CVSS 8.2

Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials_CVE-2026-50137

Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id (app_...) and an S3-source datasource id (ds_...) can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's...

CVE-2026-50137 Budibase budibase < 3.39.0
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.4 CVE-2026-50136

Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials_CVE-2026-50136

Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObje...

Budibase budibase < 3.39.3 CVE
HIGH 7.3 CVE-2026-50132

Budibase: Chat Identity Link Hijacking via Missing Consent & CSRF — Account Impersonation in Budibase_CVE-2026-50132

Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public endpoint (no auth require...

Budibase budibase < 3.39.0 CVE
HIGH 7.8 CVE-2026-48800

Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection_CVE-2026-48800

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::value(a...

notepad-plus-plus notepad-plus-plus < 8.9.6.1 CVE
HIGH 7.8 CVE-2026-48778

Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter_CVE-2026-48778

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) a...

notepad-plus-plus notepad-plus-plus < 8.9.6.1 CVE
MEDIUM 5 CVE-2026-48770

Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash_CVE-2026-48770

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malfor...

notepad-plus-plus notepad-plus-plus < 8.9.6.1 CVE
HIGH 7.5 CVE-2026-46710

Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path_CVE-2026-46710

Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in th...

notepad-plus-plus notepad-plus-plus >= 8.9.4, < 8.9.6 CVE
HIGH 8.7 CVE-2026-55069

Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack_CVE-2026-55069

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component...

kestra-io kestra < 1.3.24 CVE
MEDIUM 6.5 CVE-2026-53577

Kestra: Cross-Execution File Read via Preview Endpoint (IDOR)_CVE-2026-53577

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tena...

kestra-io kestra < 1.0.45 CVE
CRITICAL 10 CVE-2026-53576

Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass_CVE-2026-53576

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/ap...

kestra-io kestra < 1.0.45 CVE