Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.7 CVE-2026-35505

OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime_CVE-2026-35505

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows u...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 7.4 CVE-2026-11541

IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling_CVE-2026-11541

IBM WebSphere Application Server 9.0 and 8.5, and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6, are affected by an HTTP requ...

IBM WebSphere Application Server 9.0 CVE
HIGH 7.5 CVE-2026-57585

MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error_CVE-2026-57585

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an out-of-bounds read/crash on Unpacker reuse after a...

msgpack msgpack-python < 1.2.1 CVE
HIGH 8.7 CVE-2026-57995

phpMyFAQ – Privilege Escalation via Missing Self-Rights Constraint in GroupController::updatePermissions_CVE-2026-57995

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_EDIT administrators to ...

phpMyFAQ phpMyFAQ CVE
HIGH 7.1 CVE-2026-56328

Capgo – Integrity Issue in Release Routing via Multiple Public Channels_CVE-2026-56328

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests with...

Capgo Capgo CVE
HIGH 7.1 CVE-2026-56320

Capgo – Org/App Scope Mismatch in Device Creation Endpoint_CVE-2026-56320

Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts a caller-supplied org_id parameter without validat...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56300

Capgo – Unauthenticated API Key Validity and Permission Oracle via RPC Functions_CVE-2026-56300

Capgo before 12.128.2 contains unauthenticated security definer RPC functions get_user_id and get_org_perm_for_apikey that expose API key validity ...

Capgo Capgo CVE
HIGH 7 CVE-2026-56286

Capgo – Account Deletion Without Password Confirmation_CVE-2026-56286

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-aut...

Capgo Capgo CVE
HIGH 7.2 CVE-2026-56249

Capgo – Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision_CVE-2026-56249

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite ...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56247

Capgo – Privilege Escalation via Cross-Scope RBAC Role Assignment_CVE-2026-56247

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pend...

Capgo Capgo CVE