Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.1 CVE-2026-39868

CVE-2026-39868

This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be abl...

Apple iOS and iPadOS CVE
CRITICAL 9.1 CVE-2026-53434

Apache Tomcat: Invalid CRL configuration doesn’t trigger failure for FFM Connector

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apa...

Apache Software Foundation Apache Tomcat 11.0.0-M1, 10.1.0-M7, 9.0.83 CVE
CRITICAL 9.1 CVE-2026-6556

@fastify/express vulnerable to middleware bypass via non-string mount paths in prefixed plugins

@fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-strin...

@fastify/express @fastify/express CVE
CRITICAL 9.3 CVE-2026-58116

LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code...

hiyouga LlamaFactory 0.9.5 CVE
CRITICAL 9.4 B4B4CA7A-D754-

Exploit for OS Command Injection in Devcode Openstamanager_B4B4CA7A-D754-5C31-B526-5E199D0B91D5

CVE-2025-69212 OpenSTAManager --check Vulnerability Check bash Auto-detect plugin and verify vulnerability python3 exploit.py -t http://target.com ...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 0EB7005F-1AF8-

Nessus-CVE-POC-Finder_0EB7005F-1AF8-5D82-BFB3-0885D0E7AA8B

Nessus-CVE-POC-Finder Python script to parse .nessus file, extract CVE numbers, and search for exploits using "searchsploit". Usage usage: Nessus-C...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 DCB07824-2947-

Exploit for Improper Authentication in Oracle E-Business_Suite_DCB07824-2947-51F9-8738-1630098A0772

CVE-2026-46817 Proof of Concept Oracle E-Business Suite File Transmission Path Traversal --- ⚠️ LEGAL DISCLAIMER THIS SOFTWARE IS PROVIDED FOR EDUC...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CVE-2026-8402

SQLi in Exagate’s SYSGUARD 6001

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer ...

Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 2.0.2 CVE
CRITICAL 9.3 CVE-2026-53690

SQL Injection in Redeight CMS

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The ...

Redeight Redeight CMS 1.0 CVE
CRITICAL 9.3 CVE-2026-14162

Advantech|Hospital Quering Management – Missing Authentication

Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access...

Advantech Hospital Quering Management CVE