Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.6 CVE-2026-55660

TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover_CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a ri...

tinacms tinacms < 3.9.3 CVE
MEDIUM 6.3 CVE-2026-54756

Jodit Editor: Prototype pollution via Jodit.configure() / ConfigMerge_CVE-2026-54756

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure...

xdan jodit < 4.12.18 CVE
MEDIUM 5.4 CVE-2026-54720

Silverstripe Framework: Possible XSS attack through media embed_CVE-2026-54720

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality ...

silverstripe silverstripe-framework < 6.2.2 CVE
HIGH 7.8 CVE-2026-54074

@tinacms/cli: Remote Code Execution via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels_CVE-2026-54074

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to...

tinacms tinacms < 2.4.3 CVE
MEDIUM 5.3 CVE-2026-14340

An incorrect authorization vulnerability in GitHub Enterprise Server allows issue creation in unrelated public repositories_CVE-2026-14340

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App inst...

GitHub Enterprise Server 3.16.0 CVE
HIGH 7.5 CVE-2026-52198

CVE-2026-52198_CVE-2026-52198

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_4...

n/a n/a n/a CVE
HIGH 7.5 CVE-2026-52193

CVE-2026-52193_CVE-2026-52193

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_4...

n/a n/a n/a CVE
HIGH 8.8 CVE-2026-14084

CVE-2026-14084_CVE-2026-14084

Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit h...

Google Chrome 150.0.7871.47 CVE
MEDIUM 6.1 CVE-2026-14083

CVE-2026-14083_CVE-2026-14083

Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or...

Google Chrome 150.0.7871.47 CVE
MEDIUM 6.5 CVE-2026-14082

CVE-2026-14082_CVE-2026-14082

Race in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium secu...

Google Chrome 150.0.7871.47 CVE