Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.7 CVE-2026-56230

Capgo – Broken Object Level Authorization via x-limited-key-id Header_CVE-2026-56230

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey() that accepts the client-controlled x-limited-ke...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56219

Capgo – Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NULL-auth Bypass_CVE-2026-56219

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.get_org_user_access_rbac function that allows unauthenticated attacke...

Capgo Capgo CVE
HIGH 8.2 CVE-2026-54673

electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`_CVE-2026-54673

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions)...

electron-userland electron-builder < 26.15.0 CVE
HIGH 7.8 CVE-2026-54672

electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`_CVE-2026-54672

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty pat...

electron-userland electron-builder < 26.15.0 CVE
HIGH 7.6 CVE-2025-71374

picklescan – Arbitrary Code Execution via Undetected profile.Profile.run_CVE-2025-71374

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71371

picklescan – Remote Code Execution via code.InteractiveInterpreter Detection Bypass_CVE-2025-71371

picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pi...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71368

picklescan – Arbitrary Code Execution via Undetected doctest.debug_script_CVE-2025-71368

picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary cod...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71363

picklescan – Arbitrary Code Execution via Undetected cProfile.run in Pickle Deserialization_CVE-2025-71363

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71355

Picklescan – Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass_CVE-2025-71355

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arb...

Picklescan Picklescan CVE
HIGH 7.6 CVE-2025-71352

picklescan – Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files_CVE-2025-71352

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attacker...

picklescan picklescan CVE