Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.4 CVE-2026-5220

Stored XSS in DivvyDrive Information Technologies’ DivvyDrive

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. Divv...

DivvyDrive Information Technologies Inc. DivvyDrive 4.8.2.23 CVE
MEDIUM 6.5 CVE-2026-5142

Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH...

Red Hat Red Hat Satellite 6 CVE
MEDIUM 4.3 CVE-2026-5138

Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. Th...

Red Hat Red Hat Satellite 6 CVE
MEDIUM 6.5 CVE-2026-5135

Foreman: foreman: unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existi...

Red Hat Red Hat Satellite 6 CVE
HIGH 8.7 CVE-2026-58399

@acastellon/auth has an authentication bypass via spoofable headers in validateToken()

@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication b...

antonio-castellon module-auth < 2.3.0 CVE
HIGH 8.2 CVE-2026-2891

Poly Voice Devices (CCX, Trio, Edge E) – Potential Denial of Service

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed dat...

HP Inc CCX CVE
CRITICAL 9.1 CVE-2026-23537

Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write...

Feast Feast Feature Server CVE
MEDIUM 5.5 CVE-2026-14330

Pipewire: pulse server alloca stack overflow

Multiple unbounded alloca() calls in the PulseAudio protocol server.

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.5 CVE-2026-14324

Pipewire: raop rtsp null deref

RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.

Red Hat Red Hat Enterprise Linux 10 CVE
HIGH 7.7 CVE-2026-13602

Session takeover vulnerability

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data...

pretix pretix 4.14.0 CVE