Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.7 CVE-2026-0989

Libxml2: unbounded relaxng include recursion leading to stack overflow

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit o...

Red Hat Red Hat Enterprise Linux 10 CVE
LOW 3.7 CVE-2026-0976

Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL p...

Red Hat Red Hat Build of Keycloak CVE
LOW 3.7 CVE-2025-14457

Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ...

glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7 * CVE
LOW 2.4 CVE-2025-14058

CVE-2025-14058

A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to ...

Lenovo Tab M11 TB330FU TB330XU CVE
LOW 1.3 CVE-2026-23497

Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS...

frappe lms <= 2.44.0 CVE
LOW 3.7 CVE-2026-22036

Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default m...

nodejs undici < 6.23.0 CVE
LOW 2.3 CVE-2026-21889

Weblate leaks information via screenshots

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access cont...

WeblateOrg weblate < 5.15.2 CVE
LOW 3.5 CVE-2025-58409

GPU DDK – Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory p...

Imagination Technologies Graphics DDK 1.15 RTM CVE
LOW 1.1 CVE-2026-0403

Insufficient input validation in NETGEAR Orbi routers

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injec...

NETGEAR RBR750 CVE
LOW 3.4 CVE-2025-67685

CVE-2025-67685

A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versi...

Fortinet FortiSandbox 5.0.0 CVE