Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.8 CVE-2026-54672

electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty pat...

electron-userland electron-builder < 26.15.0 CVE
MEDIUM 5.1 CVE-2026-50040

Cross-site Scripting in StoneFly Storage Concentrator

Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. A...

StoneFly Storage Concentrator CVE
MEDIUM 5.6 CVE-2026-28322

SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to...

SolarWinds Database Performance Analyzer 2026.1 and below CVE
MEDIUM 6.9 CVE-2025-71381

Hono – Vary Header Injection in CORS Middleware

Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its CORS middleware: when the origin is not set to "*", the middleware copies the Vary head...

Hono Hono CVE
HIGH 7.6 CVE-2025-71374

picklescan – Arbitrary Code Execution via Undetected profile.Profile.run

picklescan before 0.0.29 fails to detect the built-in Python profile.Profile.run function when used in pickle reduce methods, allowing attackers to...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71371

picklescan – Remote Code Execution via code.InteractiveInterpreter Detection Bypass

picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pi...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71368

picklescan – Arbitrary Code Execution via Undetected doctest.debug_script

picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary cod...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71363

picklescan – Arbitrary Code Execution via Undetected cProfile.run in Pickle Deserialization

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71355

Picklescan – Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arb...

Picklescan Picklescan CVE
HIGH 7.6 CVE-2025-71352

picklescan – Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attacker...

picklescan picklescan CVE