Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-36848

CVE-2026-36848

Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.

n/a n/a n/a CVE
HIGH 8.7 CVE-2026-58000

luci-proto-openvpn – Command Injection via cl_meta Parameter in generateKey

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the cl_...

openwrt luci 0.11.1 CVE
HIGH 7.7 CVE-2026-57999

luci-app-tailscale-community – Command Injection via tailscale.do_login RPC

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.do_login RPC method that allows authenticated users to exe...

openwrt luci CVE
HIGH 8.2 CVE-2026-53426

Atom-table exhaustion denial-of-service via JSON parse_document in MDEx

Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parse_document/2 accepts a ...

leandrocp mdex 0.4.3 CVE
HIGH 7.8 CVE-2026-57919

CVE-2026-57919

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ...

n/a n/a n/a CVE
HIGH 8.3 CVE-2026-57960

Hi.Events 1.9.0 – Unauthenticated Attendee PII Exposure via Check-in List short_id

Hi.Events through 1.9.0 public check-in list endpoints use short_id as sole access control, allowing unauthenticated access to retrieve full attend...

HiEventsDev Hi.Events CVE
HIGH 8.2 CVE-2026-57959

Hi.Events 1.9.0 – Promo Code Max-Usage Bypass via Asynchronous Job Race Condition

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStati...

HiEventsDev Hi.Events CVE
HIGH 8.3 CVE-2026-57955

SigNoz 0.130.1 – SQL Injection in Alert History Endpoints via Rule ID Parameter

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by inject...

SigNoz signoz CVE
HIGH 7.1 CVE-2026-57951

Mythic < 3.4.0.60 – Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypas...

its-a-feature Mythic CVE
HIGH 8.6 CVE-2026-57950

ruoyi-vue-pro – Incorrect Permission Namespace in ErpSaleOrderController

ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70, contains a broken access control vulnerability in ErpSaleOrderController that allows attacke...

Yunai ruoyi-vue-pro CVE