Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-58457

Shenzhen Aitemi M300 MT02 Unauthenticated OS Command Injection via protocol.csp

Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjace...

Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-Fi Repeater * CVE
MEDIUM 4 CVE-2026-55688

AsyncHttpClient: Cookie stored for an unrelated domain (cookie tossing) via ThreadSafeCookieStore

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions f...

AsyncHttpClient async-http-client >= 2.0.0, < 2.16.0 CVE
MEDIUM 6.3 CVE-2026-54908

Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic...

pion dtls < 3.1.4 CVE
MEDIUM 6.5 CVE-2026-54164

API Platform Core: Missing IRI type check enables resource type confusion

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's A...

api-platform core < 4.1.30 CVE
MEDIUM 5.9 CVE-2026-49858

API Platform Core: Cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a miss...

api-platform core >= 2.6.0, < 4.1.29 CVE
MEDIUM 6.9 CVE-2026-14363

Cargo Extension: SQLi in Special:Drilldown

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Ex...

The Wikimedia Foundation Mediawiki - Cargo Extension * CVE
HIGH 7.5 CVE-2026-14265

RCE via Deserialization in AWS Advanced JDBC Wrapper

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an...

AWS AWS Advanced JDBC Wrapper 3.3.0 CVE
MEDIUM 6.3 CVE-2026-55886

Jodit Editor: Prototype Pollution in Jodit via Jodit.modules.Helpers.set()

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to P...

xdan jodit < 4.12.26 CVE
HIGH 7.1 CVE-2026-55153

mchange-commons-java contains elements susceptible to abuse via JNDI injection and “deserialization gadgets”

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, it...

swaldman mchange-commons-java < 0.6.0 CVE
LOW 2.3 CVE-2026-54786

Wasmtime: Leak in WASIp1 `fd_renumber` implementation

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those ...

bytecodealliance wasmtime < 24.0.10 CVE