Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.1 CVE-2025-55252

HCL AION is affected by a Weak Password Policy vulnerability_CVE-2025-55252

HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulti...

HCL Software AION 2 CVE
LOW 1.8 CVE-2025-55250

HCL AION is affected by a Technical Error Disclosure vulnerability_CVE-2025-55250

HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in...

HCL Software AION 2 CVE
LOW 3.7 CVE-2026-23522

Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion_CVE-2026-23522

LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, `knowledgeBase.removeFilesFromKnowledgeBase` tRPC ep allows ...

lobehub lobe-chat < 2.0.0-next.193 CVE
LOW 2.2 CVE-2026-0682

Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter_CVE-2026-0682

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient...

andy_moyle Church Admin * CVE
LOW 3.3 CVE-2025-31186

CVE-2025-31186_CVE-2025-31186

A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.

Apple Xcode unspecified CVE
LOW 3.3 CVE-2025-24090

CVE-2025-24090_CVE-2025-24090

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a ...

Apple iOS and iPadOS unspecified CVE
LOW 2.6 CVE-2025-61873

CVE-2025-61873_CVE-2025-61873

Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.

bestpractical Request Tracker CVE
LOW 2.9 CVE-2026-22782

RustFS RPC signature verification logs shared secret_CVE-2026-22782

RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to lo...

rustfs rustfs >= 1.0.0-alpha.1, < 1.0.0-alpha.80 CVE
LOW 3.1 CVE-2025-14822

DoS from quadratic complexity in model.ParseHashtags_CVE-2025-14822

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE
LOW 3.7 CVE-2026-22920

CVE-2026-22920_CVE-2026-22920

The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks.

SICK AG TDC-X401GL all versions CVE