Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2026-58377

JeecgBoot 3.9.2 – Missing Authorization on OpenAPI Credential Management Endpoints Exposes Access/Secret Keys

JeecgBoot through 3.9.2 contains a broken access control vulnerability that allows authenticated low-privilege users to perform full create, read, ...

jeecgboot JeecgBoot CVE
HIGH 7.6 CVE-2026-58376

Dolibarr – SQL Injection via sqlfilters Parameter in Multiple REST API List Endpoints

Dolibarr through 23.0.3, fixed in commit 14db36e, contains a SQL injection vulnerability that allows authenticated API users to exfiltrate arbitrar...

Dolibarr dolibarr CVE
CRITICAL 9.3 CVE-2026-58138

Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbit...

conductor-oss conductor 3.21.21 CVE
HIGH 7.2 CVE-2026-10513

Webmention <= 5.8.0 - Unauthenticated Stored Cross-Site Scripting via MF2 'photo'/'url' Author Properties

The Webmention plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.8.0 via parser-derived 'avatar' ...

pfefferle Webmention CVE
MEDIUM 6.5 CVE-2026-43713

CVE-2026-43713

A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26....

Apple Safari CVE
HIGH 7.5 CVE-2026-43707

CVE-2026-43707

A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Ta...

Apple Safari CVE
HIGH 8.6 CVE-2026-11590

WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated SQL Injection via filter[elements] Array Keys

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL s...

Unknown WP Support Plus Responsive Ticket System CVE
HIGH 7.5 CVE-2026-54475

Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destination...

Apache Software Foundation Apache ActiveMQ Broker CVE
HIGH 7.5 CVE-2026-53917

Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. ...

Apache Software Foundation Apache ActiveMQ CVE
HIGH 7.5 CVE-2026-53916

Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated clie...

Apache Software Foundation Apache ActiveMQ CVE