Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.7 CVE-2026-44628

OFFIS DCMTK Toolkit Type Confusion_CVE-2026-44628

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directo...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 8.7 CVE-2026-13207

Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing_CVE-2026-13207

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fai...

Frangoteam FUXA SCADA/HMI 1.3.1 CVE
HIGH 8.5 CVE-2026-11594

IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities_CVE-2026-11594

IBM WebSphere Application Server 9.0 and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.

IBM WebSphere Application Server 9.0 CVE
HIGH 8.1 CVE-2025-36359

IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability._CVE-2025-36359

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 do not invalidate session IDs after expiration, which could allow an authenticated user to i...

IBM DevOps Automation 1.0.1 CVE
HIGH 7.8 8213BCAE-4E79-

Exploit for CVE-2026-46331_8213BCAE-4E79-5E25-9642-230C8D3F7823

CVE-2026-46331 pedit COW – Linux LPE Validation and auditd/AppArmor Detection Defensive validation report for CVE-2026-46331, focused on Linux kern...

N/A N/A GITHUBEXPLOIT
HIGH 8.8 6210915C-9723-

Exploit for XML Injection (aka Blind XPath Injection) in Samlify_Project Samlify_6210915C-9723-542E-AAB3-1FFADF0E92C4

CVE-2026-46490 — samlify SAML AttributeValue XML Injection → Privilege Escalation samlify contexts. A user-controlled value e.g. email / name place...

N/A N/A GITHUBEXPLOIT
HIGH 7.3 CVE-2026-8864

HP Fan Control App – Potential Escalation of Privilege_CVE-2026-8864

The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mit...

HP Inc. HP Fan Control App CVE
HIGH 8.1 CVE-2026-58377

JeecgBoot 3.9.2 – Missing Authorization on OpenAPI Credential Management Endpoints Exposes Access/Secret Keys_CVE-2026-58377

JeecgBoot through 3.9.2 contains a broken access control vulnerability that allows authenticated low-privilege users to perform full create, read, ...

jeecgboot JeecgBoot CVE
HIGH 7.6 CVE-2026-58376

Dolibarr – SQL Injection via sqlfilters Parameter in Multiple REST API List Endpoints_CVE-2026-58376

Dolibarr through 23.0.3, fixed in commit 14db36e, contains a SQL injection vulnerability that allows authenticated API users to exfiltrate arbitrar...

Dolibarr dolibarr CVE
HIGH 7.2 CVE-2026-10513

Webmention <= 5.8.0 - Unauthenticated Stored Cross-Site Scripting via MF2 'photo'/'url' Author Properties_CVE-2026-10513

The Webmention plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.8.0 via parser-derived 'avatar' ...

pfefferle Webmention CVE