Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.8 CVE-2026-14191

WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader

An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5::ReadHeader in recvol5.cpp). The RecI...

RARLAB WinRAR CVE
HIGH 7.8 296ACC10-E41B-

Exploit for CVE-2026-46331_296ACC10-E41B-5DEC-9F18-8C94AA58D927

CVE-2026-46331 pedit COW – Linux net/sched Packet-Editor Page-Cache Poisoning Vulnerability Executive Summary CVE-2026-46331 nicknamed “pedit COW” ...

N/A N/A GITHUBEXPLOIT
HIGH 8.7 6B3CE709-96E1-

Exploit for CVE-2026-55488_6B3CE709-96E1-5BCB-A0D3-411B7678B06A

CVE-2026-55488 Join/Visit https://t.me/thecodeb0ss to get this PoC...

N/A N/A GITHUBEXPLOIT
HIGH 7.5 CVE-2026-54592

Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked re...

ohler55 oj < 3.17.3 CVE
HIGH 8.8 CVE-2026-52868

OFFIS DCMTK Toolkit Path Traversal

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deploymen...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 8.7 CVE-2026-50254

OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-p...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 8.7 CVE-2026-35505

OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows u...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 7.4 CVE-2026-11541

IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling

IBM WebSphere Application Server 9.0 and 8.5, and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6, are affected by an HTTP requ...

IBM WebSphere Application Server 9.0 CVE
HIGH 7.5 CVE-2026-57585

MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a...

msgpack msgpack-python < 1.2.1 CVE
HIGH 8.7 CVE-2026-57995

phpMyFAQ – Privilege Escalation via Missing Self-Rights Constraint in GroupController::updatePermissions

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_EDIT administrators to ...

phpMyFAQ phpMyFAQ CVE