Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.6 CVE-2026-6684

FatFs Infinite Loop in GPT Partition Scan_CVE-2026-6684

FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue where an unbounded loop count derived from GPT header field GPTH_P...

ChaN FatFs CVE
MEDIUM 4.6 CVE-2026-6683

FatFs Divide-by-Zero in exFAT Sync_CVE-2026-6683

FatFs R0.16 and earlier contains a divide-by-zero bug in the exFAT sync logic when crafted metadata causes n_fatent - 2 to be zero during write/sync op...

ChaN FatFs CVE
MEDIUM 5.4 CVE-2026-6283

Stored XSS in DivvyDrive Information Technologies’ DivvyDrive_CVE-2026-6283

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. Divv...

DivvyDrive Information Technologies Inc. DivvyDrive v.4.8.2.23 CVE
MEDIUM 6.4 CVE-2026-5220

Stored XSS in DivvyDrive Information Technologies’ DivvyDrive_CVE-2026-5220

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. Divv...

DivvyDrive Information Technologies Inc. DivvyDrive 4.8.2.23 CVE
MEDIUM 6.5 CVE-2026-5142

Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass_CVE-2026-5142

A flaw was found in Foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH...

Red Hat Red Hat Satellite 6 CVE
MEDIUM 4.3 CVE-2026-5138

Foreman: foreman: information disclosure via improper validation of nested request parameters_CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. Th...

Red Hat Red Hat Satellite 6 CVE
MEDIUM 6.5 CVE-2026-5135

Foreman: foreman: unauthorized modification of host configurations via broken access control_CVE-2026-5135

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existi...

Red Hat Red Hat Satellite 6 CVE
MEDIUM 5.5 CVE-2026-14330

Pipewire: pulse server alloca stack overflow_CVE-2026-14330

Multiple unbounded alloca() calls in the PulseAudio protocol server.

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.5 CVE-2026-14324

Pipewire: raop rtsp null deref_CVE-2026-14324

RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.4 CVE-2026-12374

Improper XPC caller certificate validation and TOCTOU race condition in macOS PrivilegedHelperTool_CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client befo...

Cato Networks SDP Client 5.12.0 CVE