Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-14363

Cargo Extension: SQLi in Special:Drilldown_CVE-2026-14363

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Ex...

The Wikimedia Foundation Mediawiki - Cargo Extension * CVE
HIGH 7.5 CVE-2026-14265

RCE via Deserialization in AWS Advanced JDBC Wrapper_CVE-2026-14265

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an...

AWS AWS Advanced JDBC Wrapper 3.3.0 CVE
MEDIUM 6.3 CVE-2026-55886

Jodit Editor: Prototype Pollution in Jodit via Jodit.modules.Helpers.set()_CVE-2026-55886

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to P...

xdan jodit < 4.12.26 CVE
HIGH 7.1 CVE-2026-55153

mchange-commons-java contains elements susceptible to abuse via JNDI injection and “deserialization gadgets”_CVE-2026-55153

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, it...

swaldman mchange-commons-java < 0.6.0 CVE
LOW 2.3 CVE-2026-54786

Wasmtime: Leak in WASIp1 `fd_renumber` implementation_CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those ...

bytecodealliance wasmtime < 24.0.10 CVE
HIGH 8.3 CVE-2026-50521

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability_CVE-2026-50521

{"lastseen":"","description":"","published":"2026-07-01T20:14:43.695Z",...

Microsoft Microsoft Edge (Chromium-based) 1.0.0.0 CVE
HIGH 7.2 CVE-2026-58263

Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier_CVE-2026-58263

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.28, the built-in cl...

xdan jodit < 4.12.28 CVE
MEDIUM 4.8 CVE-2026-55661

TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes_CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/i...

tinacms tinacms < 3.9.3 CVE
HIGH 7.6 CVE-2026-55660

TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover_CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a ri...

tinacms tinacms < 3.9.3 CVE
MEDIUM 6.3 CVE-2026-54756

Jodit Editor: Prototype pollution via Jodit.configure() / ConfigMerge_CVE-2026-54756

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure...

xdan jodit < 4.12.18 CVE