Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

412 New today
67,189 Total advisories

Daily Security Trends (Last 14 Days)

[Chart: daily counts for Jun 18 to Jul 1, by severity: Critical, High, Medium, Low]

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-12923

Video Gallery <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call via 'path' Parameter_CVE-2026-12923

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficie...

emarket-design Video Gallery – YouTube Gallery, Playlist & Video Grid CVE
MEDIUM 4.3 CVE-2026-12904

Kadence Blocks <= 3.7.7 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification via 'post_path' Parameter_CVE-2026-12904

The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions ...

stellarwp Kadence Blocks — Page Builder Toolkit for Gutenberg Editor CVE
MEDIUM 4.3 CVE-2026-12902

Kadence Blocks <= 3.7.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation via kadence_import_process_pattern/kadence_import_process_data AJAX Actions_CVE-2026-12902

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, an...

stellarwp Kadence Blocks — Page Builder Toolkit for Gutenberg Editor CVE
MEDIUM 6.4 CVE-2026-12135

FV Flowplayer Video Player <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'video_player' Shortcode_CVE-2026-12135

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'video_player' shortcode 'align' attribute...

foliovision FV Flowplayer Video Player CVE
MEDIUM 4.3 CVE-2026-12133

JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion via season_groupdel AJAX action_CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group D...

beardev JoomSport – for Sports: Team & League, Football, Hockey & more CVE
MEDIUM 5.3 CVE-2026-12127

WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name_CVE-2026-12127

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutra...

smub WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More CVE
MEDIUM 4.3 CVE-2026-12113

Appointment Booking Calendar <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure_CVE-2026-12113

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 ...

codepeople Appointment Booking Calendar CVE
HIGH 8.8 THN:FE09861FDCE...

Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service_THN:FE09861FDCE8BC6B6F921CB252CBE830

N/A N/A THN
NONE 1982C445-A0DC-

sftp-poc-monorepo_1982C445-A0DC-5AFB-83E3-957529DA1061

SFTP POC This repo now includes a complete local SFTP proof of concept: - sftp-server-go/ — Go SFTP server - scripts/poc-upload.sh — OpenSSH client...

N/A N/A GITHUBEXPLOIT