Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-50003

OFFIS DCMTK Toolkit Path Traversal_CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, ...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 8.7 CVE-2026-35505

OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime_CVE-2026-35505

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows u...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 7.4 CVE-2026-11541

IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling_CVE-2026-11541

IBM WebSphere Application Server 9.0 and 8.5, and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6, are affected by an HTTP requ...

IBM WebSphere Application Server 9.0 CVE
HIGH 7.5 CVE-2026-57585

MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error_CVE-2026-57585

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a...

msgpack msgpack-python < 1.2.1 CVE
MEDIUM 6.9 CVE-2026-57204

pypdf: Missing stream length values ignore defined limits_CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulner...

py-pdf pypdf < 6.13.3 CVE
MEDIUM 6.3 CVE-2026-10585

Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category_CVE-2026-10585

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary ...

GitHub Enterprise Server 3.17.0 CVE
HIGH 8.7 CVE-2026-57995

phpMyFAQ – Privilege Escalation via Missing Self-Rights Constraint in GroupController::updatePermissions_CVE-2026-57995

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_EDIT administrators to ...

phpMyFAQ phpMyFAQ CVE
MEDIUM 5.3 CVE-2026-56777

n8n – AST Validator Bypass in Python Code Node_CVE-2026-56777

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticat...

n8n n8n CVE
CRITICAL 9.3 CVE-2026-56700

Grav – Multiple Remote Code Execution Vulnerabilities via Unsafe Unserialize and Command Injection_CVE-2026-56700

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\...

Grav Grav CVE
MEDIUM 5.3 CVE-2026-56399

Open WebUI – Server-Side Request Forgery via Location Redirect in /api/v1/retrieval/process/web_CVE-2026-56399

Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticat...

open-webui open-webui CVE