Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.5 CVE-2025-55249

HCL AION is affected by a Missing Security Response Headers vulnerability.

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s ov...

HCL Software AION 2 CVE
LOW 2.4 CVE-2025-52661

CVE-2025-52661

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in u...

HCL Software AION 2 CVE
LOW 3.1 CVE-2025-55252

HCL AION is affected by a Weak Password Policy vulnerability

HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulti...

HCL Software AION 2 CVE
LOW 1.8 CVE-2025-55250

HCL AION is affected by a Technical Error Disclosure vulnerability

HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in...

HCL Software AION 2 CVE
LOW 3.7 CVE-2026-23522

Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion

LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, `knowledgeBase.removeFilesFromKnowledgeBase` tRPC ep allows ...

lobehub lobe-chat < 2.0.0-next.193 CVE
LOW 2.2 CVE-2026-0682

Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient...

andy_moyle Church Admin * CVE
LOW 3.3 CVE-2025-31186

CVE-2025-31186

A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.

Apple Xcode unspecified CVE
LOW 3.3 CVE-2025-24090

CVE-2025-24090

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a ...

Apple iOS and iPadOS unspecified CVE
LOW 2.6 CVE-2025-61873

CVE-2025-61873

Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.

bestpractical Request Tracker CVE
LOW 2.9 CVE-2026-22782

RustFS RPC signature verification logs shared secret

RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to lo...

rustfs rustfs >= 1.0.0-alpha.1, < 1.0.0-alpha.80 CVE