Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-20191

Cisco Catalyst Center Arbitrary File Read Vulnerability

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. ...

Cisco Cisco Catalyst Center 2.3.7.0-VA CVE
MEDIUM 5.5 CVE-2026-12480

Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerabili...

keras-team keras-team/keras unspecified CVE
MEDIUM 4.4 CVE-2026-5051

Audit Log Plugin Directory Guard Bypass via Legacy path Option

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the ...

HashiCorp Vault 1.20.1 CVE
MEDIUM 6.9 CVE-2026-58521

SQLi in Cargo extension via year range filter

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Ex...

The Wikimedia Foundation Mediawiki - Cargo Extension * CVE
MEDIUM 6.9 CVE-2026-58520

UrlShortener defaults to ineffective validation open to third-party redirects

URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site ...

The Wikimedia Foundation Mediawiki - UrlShortener Extension * CVE
MEDIUM 6.5 CVE-2026-57737

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta LTD Shortcodes and extra features for ...

Averta LTD Shortcodes and extra features for Phlox theme n/a CVE
MEDIUM 6.5 CVE-2026-49090

Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service

Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated...

Elastic Elasticsearch 8.0.0 CVE
HIGH 7.1 CVE-2026-58451

Horde IMP < 7.0.1 Path Traversal via Compose.php img src

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from ...

horde imp CVE
MEDIUM 5.5 CVE-2026-55628

ImageMagick: Policy Bypass in concatenate operation due to missing checks

In versions prior to 7.1.2-26, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths ...

ImageMagick ImageMagick < 7.1.2-26 CVE
HIGH 8.4 CVE-2026-53492

containerd CRI checkpoint restore CDI annotation smuggling

containerd is an open-source container runtime. In versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Dev...

containerd containerd >= 2.1.0, < 2.1.9 CVE