Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

143 New today

59,294 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

202

May 22

May 23

111

May 24

204

May 25

336

May 26

455

May 27

326

May 28

451

May 29

206

May 30

May 31

417

Jun 1

295

Jun 2

151

Jun 3

Jun 4

Critical

High

Medium

Low

Latest

CVE CVSS 8

Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers_CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent r...

CVE-2026-5241 huggingface huggingface/transformers unspecified

Jun 3, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.1	CVE-2026-48587	Potential exposure of private data via whitespace padding in Vary header_CVE-2026-48587 An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading o...	djangoproject	Django 6.0	Jun 3, 2026	CVE
MEDIUM 6.9	CVE-2026-47325	Weak password policy in ProjectsAndPrograms school-management-system_CVE-2026-47325 ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s da...	ProjectsAndPrograms	school-management-system 6b6fae5	Jun 3, 2026	CVE
MEDIUM 5.1	CVE-2026-47324	Stored XSS in Multiple Points in ProjectsAndPrograms school-management-system_CVE-2026-47324 ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of students and teachers obj...	ProjectsAndPrograms	school-management-system 6b6fae5	Jun 3, 2026	CVE
LOW 3.7	CVE-2026-44546	Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing_CVE-2026-44546 daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twis...	djangoproject	daphne 4.2.0	Jun 3, 2026	CVE
MEDIUM 5.3	CVE-2026-44545	Unbounded WebSocket message and frame sizes can cause unauthenticated remote denial of service_CVE-2026-44545 daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both ...	djangoproject	daphne 4.2.0	Jun 3, 2026	CVE
LOW 3.1	CVE-2026-35193	Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware_CVE-2026-35193 An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `A...	djangoproject	Django 6.0	Jun 3, 2026	CVE
LOW 1.2	CVE-2026-10729	HTML injection in the notification email for “Slow Redirect” and “Cloned Website” Canarytokens_CVE-2026-10729 An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research ...	Thinkst Applied Research	Canarytokens sha-c42435e	Jun 3, 2026	CVE
HIGH 10	2D33D81A-E898-	Exploit for Improper Access Control in Proftpd_2D33D81A-E898-5537-AD2E-9F2BC986C1A4 OpenVAS-Vulnerability-Analysis-Incident-Response-Report Real-World Simulation: FTP Service Exploitation ProFTPD CVE-2015-3306 Real-World Simulation...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
CRITICAL 10	93A59886-B99C-	Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware_93A59886-B99C-532C-9C2C-E718BDD5A455 No description provided...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers_CVE-2026-5241

Recent Advisories

Potential exposure of private data via whitespace padding in Vary header_CVE-2026-48587

Weak password policy in ProjectsAndPrograms school-management-system_CVE-2026-47325

Stored XSS in Multiple Points in ProjectsAndPrograms school-management-system_CVE-2026-47324

Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing_CVE-2026-44546

Unbounded WebSocket message and frame sizes can cause unauthenticated remote denial of service_CVE-2026-44545

Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware_CVE-2026-35193

HTML injection in the notification email for “Slow Redirect” and “Cloned Website” Canarytokens_CVE-2026-10729

Exploit for Improper Access Control in Proftpd_2D33D81A-E898-5537-AD2E-9F2BC986C1A4

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware_93A59886-B99C-532C-9C2C-E718BDD5A455

Protect Your Attack Surface with RedGem

Security Intelligence
Feed