Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.8 CVE-2026-22919

CVE-2026-22919

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, l...

SICK AG TDC-X401GL CVE

LOW 2.9 CVE-2026-0992

Libxml2: libxml2: denial of service via crafted xml catalogs

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repe...

Red Hat Red Hat Enterprise Linux 10 CVE

LOW 3.7 CVE-2026-0989

Libxml2: unbounded relaxng include recursion leading to stack overflow

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit o...

Red Hat Red Hat Enterprise Linux 10 CVE

LOW 3.7 CVE-2026-0976

Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL p...

Red Hat Red Hat Build of Keycloak CVE

LOW 3.7 CVE-2025-14457

Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ...

glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7 * CVE

LOW 2.4 CVE-2025-14058

CVE-2025-14058

A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to ...

Lenovo Tab M11 TB330FU TB330XU CVE

LOW 1.3 CVE-2026-23497

Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS...

frappe lms <= 2.44.0 CVE

LOW 3.7 CVE-2026-22036

Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default m...

nodejs undici < 6.23.0 CVE

LOW 2.3 CVE-2026-21889

Weblate leaks information via screenshots

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access cont...

WeblateOrg weblate < 5.15.2 CVE

LOW 3.5 CVE-2025-58409

GPU DDK – Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory p...

Imagination Technologies Graphics DDK 1.15 RTM CVE