Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.4 CVE-2026-55790

Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget_CVE-2026-55790

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub ...

craftcms cms >= 5.0.0-RC1, < 5.9.23 CVE
CRITICAL 9.4 CVE-2026-14439

Path Traversal in Altium Git Service Allows Remote Code Execution_CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequenc...

Altium Altium Enterprise Server CVE
HIGH 8.7 CVE-2026-55794

Craft CMS: Potential authenticated Remote Code Execution via referrer redirect_CVE-2026-55794

Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries c...

craftcms cms >= 5.9.0, < 5.10.0 CVE
MEDIUM 6 CVE-2026-55792

Craft CMS: Sensitive File Disclosure / Server-Side File Read_CVE-2026-55792

Craft CMS is a content management system (CMS). In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, ...

craftcms cms >= 4.0.0-RC1, < 4.18.0 CVE
MEDIUM 6.9 CVE-2026-55791

Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs_CVE-2026-55791

Craft CMS is a content management system (CMS). Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulner...

craftcms cms >= 5.0.0-RC1, < 5.10.0 CVE
MEDIUM 6 CVE-2026-50280

Craft CMS: Authorization bypass in `entries/move-to-section` via missing target-section save check_CVE-2026-50280

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection() endpo...

craftcms cms >= 5.0.0-RC1, < 5.9.21 CVE
HIGH 7.6 CVE-2026-50279

Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap_CVE-2026-50279

Craft CMS is a content management system (CMS). IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry() performs e...

craftcms cms >= 5.0.0-RC1, < 5.9.21 CVE
MEDIUM 4.3 CVE-2026-14092

CVE-2026-14092_CVE-2026-14092

Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cro...

Google Chrome 150.0.7871.47 CVE
CRITICAL 9.8 CVE-2026-14090

CVE-2026-14090_CVE-2026-14090

Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perfor...

Google Chrome 150.0.7871.47 CVE
HIGH 8.8 CVE-2026-14087

CVE-2026-14087_CVE-2026-14087

Heap buffer overflow in WebNN in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process...

Google Chrome 150.0.7871.47 CVE