Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-20216

ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability_CVE-2026-20216

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an af...

Cisco Cisco Secure Endpoint 7.0.5 CVE
HIGH 7.5 CVE-2026-20215

ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability_CVE-2026-20215

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other ...

Cisco Cisco Secure Endpoint 7.0.5 CVE
HIGH 7.5 CVE-2026-20214

ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability_CVE-2026-20214

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other...

Cisco Cisco Secure Endpoint 7.0.5 CVE
HIGH 7.5 CVE-2026-20213

ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability_CVE-2026-20213

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other ...

Cisco Cisco Secure Endpoint 7.0.5 CVE
HIGH 7.5 CVE-2026-20191

Cisco Catalyst Center Arbitrary File Read Vulnerability_CVE-2026-20191

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. ...

Cisco Cisco Catalyst Center 2.3.7.0-VA CVE
MEDIUM 5.5 CVE-2026-12480

Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras_CVE-2026-12480

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerabili...

keras-team keras-team/keras unspecified CVE
MEDIUM 4.4 CVE-2026-5051

Audit Log Plugin Directory Guard Bypass via Legacy path Option_CVE-2026-5051

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the ...

HashiCorp Vault 1.20.1 CVE
MEDIUM 6.9 CVE-2026-58521

SQLi in Cargo extension via year range filter_CVE-2026-58521

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Ex...

The Wikimedia Foundation Mediawiki - Cargo Extension * CVE
MEDIUM 6.9 CVE-2026-58520

UrlShortener defaults to ineffective validation open to third-party redirects_CVE-2026-58520

URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site ...

The Wikimedia Foundation Mediawiki - UrlShortener Extension * CVE
MEDIUM 6.5 CVE-2026-57737

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57737

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta LTD Shortcodes and extra features for ...

Averta LTD Shortcodes and extra features for Phlox theme n/a CVE