Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-42504

Quadratic complexity in WordDecoder.DecodeHeader in mime_CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

Go standard library mime CVE
HIGH 7 CVE-2026-44281

GLPI vulnerable to unauthorized reading of a specific asset object_CVE-2026-44281

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user w...

glpi-project glpi >= 11.0.0, < 11.0.7 CVE
HIGH 8.4 CVE-2026-42321

GLPI has stored XSS in asset locks_CVE-2026-42321

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS pay...

glpi-project glpi >= 10.0.4, < 10.0.25 CVE
HIGH 7 CVE-2026-42318

GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint_CVE-2026-42318

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users wi...

glpi-project glpi >= 11.0.0, < 11.0.7 CVE
HIGH 7 CVE-2026-42317

GLPI vulnerable to arbitrary files deletion by technician_CVE-2026-42317

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete...

glpi-project glpi >= 11.0.0, < 11.0.7 CVE
HIGH 7.7 THN:080A0E674D1...

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag_THN:080A0E674D16A0E41BA6F5E8E1F2D4E0

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_pEYWDRVadGL0WYM3iSY6jqFgBez8snXgoyeyAzcXNmxiytv-FgiKoBJX3aPivuYhSJjXp4o_zO1dQSIPUf...

N/A N/A THN
HIGH 7.3 CVE-2026-30649

CVE-2026-30649_CVE-2026-30649

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component

n/a n/a n/a CVE
HIGH 8 CVE-2026-5241

Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers_CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to exe...

huggingface huggingface/transformers unspecified CVE
HIGH 10 2D33D81A-E898-

Exploit for Improper Access Control in Proftpd_2D33D81A-E898-5537-AD2E-9F2BC986C1A4

OpenVAS-Vulnerability-Analysis-Incident-Response-Report Real-World Simulation: FTP Service Exploitation ProFTPD CVE-2015-3306 Real-World Simulation...

N/A N/A GITHUBEXPLOIT
HIGH 8.8 THN:280C3ABDE44...

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)_THN:280C3ABDE4442D135F19D04EF30131D6

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTV6zPqD9KC3Rc5Mz9c8XENLiJntboDT6LIoD3L2FXlTUVC3rsWZ_3YLfe_jmhhyphenhyphenjb5RCwkTsd...

N/A N/A THN