Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-58447

Invidious – Cross-User Playlist Video Deletion via Missing Ownership Check_CVE-2026-58447

Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attac...

iv-org Invidious CVE
MEDIUM 6.5 CVE-2026-58446

Presenton < 0.8.8-beta - Authentication Bypass of Session Auth via Unprotected MCP Endpoint_CVE-2026-58446

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTH_USERNAME/AUTH_PAS...

presenton presenton CVE
MEDIUM 6.9 CVE-2026-57204

pypdf: Missing stream length values ignore defined limits_CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulner...

py-pdf pypdf < 6.13.3 CVE
MEDIUM 6.3 CVE-2026-10585

Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category_CVE-2026-10585

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary ...

GitHub Enterprise Server 3.17.0 CVE
MEDIUM 5.3 CVE-2026-56777

n8n – AST Validator Bypass in Python Code Node_CVE-2026-56777

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticat...

n8n n8n CVE
MEDIUM 5.3 CVE-2026-56399

Open WebUI – Server-Side Request Forgery via Location Redirect in /api/v1/retrieval/process/web_CVE-2026-56399

Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticat...

open-webui open-webui CVE
MEDIUM 4.8 CVE-2026-56377

ImageMagick – Policy Bypass via Incorrect Path Validation_CVE-2026-56377

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. R...

ImageMagick ImageMagick CVE
MEDIUM 6.3 CVE-2026-56369

ImageMagick – Information Disclosure via AES-CTR Nonce Reuse in PasskeyEncipherImage_CVE-2026-56369

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attacke...

ImageMagick ImageMagick CVE
MEDIUM 6.3 CVE-2026-56365

ImageMagick – Memory Leak in PNG Encoder via MNG Image Writing_CVE-2026-56365

ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder fail...

ImageMagick ImageMagick CVE
MEDIUM 4.8 CVE-2026-56363

ImageMagick – Division by Zero in Binomial Kernel Processing_CVE-2026-56363

ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of servic...

ImageMagick ImageMagick CVE