Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

213 New today

65,798 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

135

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 6.5

Authenticated Denial of Service via Malicious Backup Tarball in LXD_CVE-2026-9639

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_...

CVE-2026-9639 Canonical LXD 5.21.0

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-47214	Docling: Unsafe URI and Path Handling in HTML Backend_CVE-2026-47214 Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the...	docling-project	docling < 2.94.0	Jun 26, 2026	CVE
MEDIUM 5.5	CVE-2026-44018	Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend_CVE-2026-44018 Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2....	docling-project	docling >= 2.45.0, < 2.91.0	Jun 26, 2026	CVE
HIGH 8.4	CVE-2026-12411	Broken Access Control in Canonical LXD DevLXD API_CVE-2026-12411 Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another ...	Canonical	lxd 6.6	Jun 26, 2026	CVE
HIGH 8.7	CVE-2026-57518	Pagekit CMS 1.0.18 Privilege Escalation via UserApiController_CVE-2026-57518 Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escala...	pagekit	pagekit 1.0.18	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-57231	Podman: Malformed Image can trick podman run into leaking host environment variables into the container_CVE-2026-57231 Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a k...	podman-container-tools	podman >= 1.8.1, < 5.8.4	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-56823	AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering_CVE-2026-56823 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /ap...	Significant-Gravitas	AutoGPT < 0.6.64	Jun 26, 2026	CVE
HIGH 8.5	CVE-2026-56663	AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access_CVE-2026-56663 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an auth...	Significant-Gravitas	AutoGPT < 0.6.52	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-55686	Podman: WORKDIR symlink traversal vulnerability_CVE-2026-55686 Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains ...	podman-container-tools	podman >= 3.0.0, < 5.7.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-55677	Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files_CVE-2026-55677 Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches rout...	labstack	echo < 4.15.3	Jun 26, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Authenticated Denial of Service via Malicious Backup Tarball in LXD_CVE-2026-9639

Recent Advisories

Docling: Unsafe URI and Path Handling in HTML Backend_CVE-2026-47214

Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend_CVE-2026-44018

Broken Access Control in Canonical LXD DevLXD API_CVE-2026-12411

Pagekit CMS 1.0.18 Privilege Escalation via UserApiController_CVE-2026-57518

Podman: Malformed Image can trick podman run into leaking host environment variables into the container_CVE-2026-57231

AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering_CVE-2026-56823

AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access_CVE-2026-56663

Podman: WORKDIR symlink traversal vulnerability_CVE-2026-55686

Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files_CVE-2026-55677

Protect Your Attack Surface with RedGem

Security Intelligence
Feed