Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-44731

OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via “invited_user_id” in GET parameter “filters” leads to user names disclosure_CVE-2026-44731

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks ...

opf openproject < 17.3.2 CVE
MEDIUM 5.7 CVE-2026-44696

OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltration_CVE-2026-44696

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text (markdown) rendering pipeline uses Sani...

opf openproject < 17.4.0 CVE
MEDIUM 5.3 CVE-2026-29509

Patool < 4.0.5 Path Traversal via safe_extract() Function_CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Pytho...

wummel patool CVE
MEDIUM 5 CVE-2026-48770

Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash_CVE-2026-48770

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malfor...

notepad-plus-plus notepad-plus-plus < 8.9.6.1 CVE
MEDIUM 6.5 CVE-2026-53577

Kestra: Cross-Execution File Read via Preview Endpoint (IDOR)_CVE-2026-53577

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tena...

kestra-io kestra < 1.0.45 CVE
MEDIUM 6.5 MS:CVE-2026-13022

Chromium: CVE-2026-13022 Inappropriate implementation in Autofill_MS:CVE-2026-13022

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 4.3 MS:CVE-2026-13021

Chromium: CVE-2026-13021 Inappropriate implementation in DeviceBoundSessionCredentials_MS:CVE-2026-13021

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 5.3 MS:CVE-2026-13023

Chromium: CVE-2026-13023 Uninitialized Use in GPU_MS:CVE-2026-13023

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 4.2 MS:CVE-2026-13024

Chromium: CVE-2026-13024 Insufficient validation of untrusted input in Navigation_MS:CVE-2026-13024

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 4.7 MS:CVE-2026-13034

Chromium: CVE-2026-13034 Inappropriate implementation in Passwords_MS:CVE-2026-13034

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE