Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.4 CVE-2026-55790

Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub ...

craftcms cms >= 5.0.0-RC1, < 5.9.23 CVE
HIGH 8.7 CVE-2026-55794

Craft CMS: Potential authenticated Remote Code Execution via referrer redirect

Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries c...

craftcms cms >= 5.9.0, < 5.10.0 CVE
HIGH 7.6 CVE-2026-50279

Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionSaveEntry() performs e...

craftcms cms >= 5.0.0-RC1, < 5.9.21 CVE
HIGH 8.8 CVE-2026-14087

CVE-2026-14087

Heap buffer overflow in WebNN in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process...

Google Chrome 150.0.7871.47 CVE
HIGH 7.4 CVE-2026-57736

WordPress HubSpot plugin <= 11.3.51 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: fr...

HubSpot HubSpot n/a CVE
HIGH 7.4 CVE-2026-57723

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - CSRF to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBoo...

e4jvikwp VikBooking Hotel Booking Engine & PMS n/a CVE
HIGH 7.5 CVE-2026-54428

Apache HttpComponents Core: HPackDecoder Unlimited Header List Size Before SETTINGS ACK

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and ea...

Apache Software Foundation Apache HttpComponents Core 5.5-alpha CVE
HIGH 8 CVE-2026-49091

Improper Output Neutralization for Logs in Kibana Leading to Log Injection

Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker c...

Elastic Kibana 8.0.0 CVE
HIGH 7.3 CVE-2026-46680

containerd user ID handling bypass allows runAsNonRoot evasion

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User direct...

containerd containerd < 1.7.32 CVE
HIGH 8.7 CVE-2026-49119

Gradio < 6.16.0 Path Traversal via FileExplorer.preprocess()

Gradio before 6.16.0 contains a path traversal vulnerability in the FileExplorer component's preprocess() method that allows unauthenticated attacke...

gradio-app gradio CVE