Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.7 CVE-2026-58399

@acastellon/auth has an authentication bypass via spoofable headers in validateToken()

@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication b...

antonio-castellon module-auth < 2.3.0 CVE
HIGH 8.2 CVE-2026-2891

Poly Voice Devices (CCX, Trio, Edge E) – Potential Denial of Service

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed dat...

HP Inc CCX CVE
CRITICAL 9.1 CVE-2026-23537

Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write...

Feast Feast Feature Server CVE
MEDIUM 5.5 CVE-2026-14330

Pipewire: pulse server alloca stack overflow

Multiple unbounded alloca() calls in the PulseAudio protocol server.

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.5 CVE-2026-14324

Pipewire: raop rtsp null deref

RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.

Red Hat Red Hat Enterprise Linux 10 CVE
HIGH 7.7 CVE-2026-13602

Session takeover vulnerability

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data...

pretix pretix 4.14.0 CVE
MEDIUM 6.4 CVE-2026-12374

Improper XPC caller certificate validation and TOCTOU race condition in macOS PrivilegedHelperTool

Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client befo...

Cato Networks SDP Client 5.12.0 CVE
MEDIUM 4.3 CVE-2026-8480

Connection possible to the Administration portal with a revoked certificate

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included), 5.0.2 EA to 5.0.5 (include...

Stormshield Stormshield Network Security 4.3.0 CVE
CRITICAL 9.3 CVE-2026-58127

PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj...

Hyland PACSgear MediaWriter 5.2.1 CVE
CRITICAL 9.3 CVE-2026-58126

PACSgear PACS Scan 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary f...

Hyland PACSgear PACS Scan 5.2.1 CVE