Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.8 CVE-2026-53907

Stored Cross‑Site Scripting in MCO_CVE-2026-53907

MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the ap...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 5.1 CVE-2026-53906

Path Disclosure and Path Traversal in MCO_CVE-2026-53906

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of th...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 5.3 CVE-2026-53905

Unauthorized Access to Administrator ACL View in MCO_CVE-2026-53905

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An aut...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 6.3 CVE-2026-53904

Account Denial of Service in MCO_CVE-2026-53904

MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalida...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 5.3 CVE-2026-53903

Insecure Direct Object Reference in MCO_CVE-2026-53903

MCO is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatemen...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 6.7 CVE-2026-20463

CVE-2026-20463_CVE-2026-20463

In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious ...

MediaTek, Inc. MediaTek chipset MT2716 CVE
MEDIUM 6.7 CVE-2026-20462

CVE-2026-20462_CVE-2026-20462

In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious ...

MediaTek, Inc. MediaTek chipset MT6739 CVE
MEDIUM 5.9 CVE-2026-20461

CVE-2026-20461_CVE-2026-20461

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if a UE has connected...

MediaTek, Inc. MediaTek chipset MT2737 CVE
MEDIUM 5.9 CVE-2026-20460

CVE-2026-20460_CVE-2026-20460

In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE ha...

MediaTek, Inc. MediaTek chipset MT2735 CVE
MEDIUM 5.9 CVE-2026-20459

CVE-2026-20459_CVE-2026-20459

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to ...

MediaTek, Inc. MediaTek chipset MT2716 CVE