Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-58165

OpenZiti – Privilege Escalation to Admin via Unauthorized Enrollment Creation_CVE-2026-58165

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with ...

openziti ziti CVE
HIGH 7.5 CVE-2026-49451

Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing_CVE-2026-49451

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML...

microsoft OpenAPI.NET >= 2.0.0-preview11, < 2.7.5 CVE
HIGH 7.8 289C51DB-789E-

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft_289C51DB-789E-5BBC-869B-291AC527B641

CVE-2026-21509 — Microsoft Office OLE Security-Feature Bypass Research writeup by Sentinel AI Defense. Defensive analysis only — no working exploit...

N/A N/A GITHUBEXPLOIT
HIGH 8.1 CVE-2026-43735

CVE-2026-43735_CVE-2026-43735

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious w...

Apple Safari CVE
HIGH 7.5 CVE-2026-43721

CVE-2026-43721_CVE-2026-43721

This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2....

Apple Safari CVE
HIGH 8.3 CVE-2026-43701

CVE-2026-43701_CVE-2026-43701

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious w...

Apple Safari CVE
HIGH 7.3 CVE-2026-55957

Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind_CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed...

Apache Software Foundation Apache Tomcat 11.0.0-M1 CVE
HIGH 7.3 CVE-2026-53404

Apache Tomcat: Bad ornext processing in RewriteValve_CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matche...

Apache Software Foundation Apache Tomcat 11.0.0-M1 CVE
HIGH 7.5 CVE-2026-51221

CVE-2026-51221_CVE-2026-51221

A buffer overflow in the Get_Attribute_List function of EIPStackGroup OpENer commit 76b95c allows attackers to cause a Denial of Service (DoS) via ...

n/a n/a n/a CVE
HIGH 8.8 CVE-2026-11589

WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload_CVE-2026-11589

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated use...

Unknown WP Support Plus Responsive Ticket System CVE