Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.3 CVE-2026-41121

CVE-2026-41121

Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability...

Dell Device Management Agent CVE
HIGH 7.3 CVE-2026-13760

OS Command Injection in aws-cdk-lib Docker Bundling

OS command injection in the NodejsFunction Docker bundling pipeline (OsCommand helper) in AWS aws-cdk-lib on all platforms might allow an actor who ...

AWS AWS CDK CVE
HIGH 7.5 CVE-2026-58593

NodeBB – ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local User

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTT...

NodeBB NodeBB 4.13.2 CVE
HIGH 8.3 CVE-2026-58592

Ladybird – Web-Reachable Code Execution via Dangling FunctionType Reference in WebAssembly ESM Integration

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported ...

LadybirdBrowser Ladybird CVE
HIGH 7.5 CVE-2026-14265

RCE via Deserialization in AWS Advanced JDBC Wrapper

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an...

AWS AWS Advanced JDBC Wrapper 3.3.0 CVE
HIGH 7.1 CVE-2026-55153

mchange-commons-java contains elements susceptible to abuse via JNDI injection and “deserialization gadgets”

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, it...

swaldman mchange-commons-java < 0.6.0 CVE
HIGH 8.3 CVE-2026-50521

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Published: 2026-07-01T20:14:43.695Z

Microsoft Microsoft Edge (Chromium-based) 1.0.0.0 CVE
HIGH 7.2 CVE-2026-58263

Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.28, the built-in cl...

xdan jodit < 4.12.28 CVE
HIGH 7.6 CVE-2026-55660

TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a ri...

tinacms tinacms < 3.9.3 CVE
HIGH 7.8 CVE-2026-54074

@tinacms/cli: Remote Code Execution via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to...

tinacms tinacms < 2.4.3 CVE