Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-55886

Jodit Editor: Prototype Pollution in Jodit via Jodit.modules.Helpers.set()_CVE-2026-55886

Jodit Editor is a WYSIWYG editor written in pure TypeScript, with file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to P...

xdan jodit < 4.12.26 CVE
HIGH 7.1 CVE-2026-55153

mchange-commons-java contains elements susceptible to abuse via JNDI injection and “deserialization gadgets”_CVE-2026-55153

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, it...

swaldman mchange-commons-java < 0.6.0 CVE
LOW 2.3 CVE-2026-54786

Wasmtime: Leak in WASIp1 `fd_renumber` implementation_CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those ...

bytecodealliance wasmtime < 24.0.10 CVE
HIGH 8.3 CVE-2026-50521

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability_CVE-2026-50521

Published: 2026-07-01T20:14:43.695Z

Microsoft Microsoft Edge (Chromium-based) 1.0.0.0 CVE
HIGH 7.2 CVE-2026-58263

Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier_CVE-2026-58263

Jodit Editor is a WYSIWYG editor written in pure TypeScript, with file and image editing capabilities. In versions prior to 4.12.28, the built-in cl...

xdan jodit < 4.12.28 CVE
MEDIUM 4.8 CVE-2026-55661

TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes_CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/i...

tinacms tinacms < 3.9.3 CVE
HIGH 7.6 CVE-2026-55660

TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover_CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a ri...

tinacms tinacms < 3.9.3 CVE
MEDIUM 6.3 CVE-2026-54756

Jodit Editor: Prototype pollution via Jodit.configure() / ConfigMerge_CVE-2026-54756

Jodit Editor is a WYSIWYG editor written in pure TypeScript, with file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure...

xdan jodit < 4.12.18 CVE
MEDIUM 5.4 CVE-2026-54720

Silverstripe Framework: Possible XSS attack through media embed_CVE-2026-54720

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality ...

silverstripe silverstripe-framework < 6.2.2 CVE
HIGH 7.8 CVE-2026-54074

@tinacms/cli: Remote Code Execution via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels_CVE-2026-54074

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to...

tinacms tinacms < 2.4.3 CVE