Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

48 New today

62,247 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

417

Jun 1

295

Jun 2

151

Jun 3

354

Jun 4

517

Jun 5

109

Jun 6

Jun 7

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

Critical

High

Medium

Low

Latest

CVE CVSS 6.1

MISP event editing allows unauthorized assignment to undisclosed sharing groups_CVE-2026-54397

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharing_group_id to a sharing group they were not authorized to use. When distribution was set to sharing gr...

CVE-2026-54397 misp misp

Jun 12, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-54396	MISP AuthKey edit endpoint allows authenticated user email enumeration_CVE-2026-54396 An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit reques...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54395	MISP UiBeta event index reflected XSS in advanced filter popup_CVE-2026-54395 MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScr...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54394	MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files_CVE-2026-54394 MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using ...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-54393	MISP Overmind theme stored XSS via unvalidated homepage setting_CVE-2026-54393 A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-cont...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54362	MISP template builder exposes non-visible custom galaxies across organisations_CVE-2026-54362 An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not ha...	misp	misp	Jun 12, 2026	CVE
HIGH 7.3	CVE-2026-54057	Kitty vulnerable to command injection via unsanitized OSC 21 query reply_CVE-2026-54057 Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled ...	kovidgoyal	kitty < 0.47.3	Jun 12, 2026	CVE
HIGH 7.6	CVE-2026-54056	Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging_CVE-2026-54056 Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to over...	kovidgoyal	kitty >= 0.47.0, < 0.47.2	Jun 12, 2026	CVE
LOW 3.7	CVE-2026-53607	@apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header_CVE-2026-53607 ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: true` is enabled on `@...	apostrophecms	apostrophe <= 4.30.0	Jun 12, 2026	CVE
MEDIUM 5.4	CVE-2026-53606	sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes_CVE-2026-53606 ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of...	apostrophecms	sanitize-html < 2.17.5	Jun 12, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

MISP event editing allows unauthorized assignment to undisclosed sharing groups_CVE-2026-54397

Recent Advisories

MISP AuthKey edit endpoint allows authenticated user email enumeration_CVE-2026-54396

MISP UiBeta event index reflected XSS in advanced filter popup_CVE-2026-54395

MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files_CVE-2026-54394

MISP Overmind theme stored XSS via unvalidated homepage setting_CVE-2026-54393

MISP template builder exposes non-visible custom galaxies across organisations_CVE-2026-54362

Kitty vulnerable to command injection via unsanitized OSC 21 query reply_CVE-2026-54057

Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging_CVE-2026-54056

@apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header_CVE-2026-53607

sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes_CVE-2026-53606

Protect Your Attack Surface with RedGem

Security Intelligence
Feed