Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-58520

UrlShortener defaults to ineffective validation open to third-party redirects_CVE-2026-58520

URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site ...

The Wikimedia Foundation Mediawiki - UrlShortener Extension * CVE
MEDIUM 6.5 CVE-2026-57737

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57737

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta LTD Shortcodes and extra features for ...

Averta LTD Shortcodes and extra features for Phlox theme n/a CVE
MEDIUM 6.5 CVE-2026-49090

Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service_CVE-2026-49090

Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated...

Elastic Elasticsearch 8.0.0 CVE
HIGH 7.1 CVE-2026-58451

Horde IMP < 7.0.1 Path Traversal via Compose.php img src_CVE-2026-58451

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from ...

horde imp CVE
MEDIUM 5.5 CVE-2026-55628

ImageMagick: Policy Bypass in concatenate operation due to missing checks_CVE-2026-55628

In versions prior to 7.1.2-26, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths ...

ImageMagick ImageMagick < 7.1.2-26 CVE
HIGH 8.4 CVE-2026-53492

containerd CRI checkpoint restore CDI annotation smuggling_CVE-2026-53492

containerd is an open-source container runtime. In versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Dev...

containerd containerd >= 2.1.0, < 2.1.9 CVE
HIGH 8.2 CVE-2026-53489

containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore_CVE-2026-53489

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log ...

containerd containerd >= 2.1.0, < 2.1.9 CVE
MEDIUM 6.5 CVE-2026-53466

ImageMagick: Heap Buffer Over-Read in XCF decoder due to integer conversion overflow_CVE-2026-53466

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer...

ImageMagick ImageMagick < 6.9.13-51 CVE
MEDIUM 5.6 CVE-2026-50195

containerd: CRI checkpoint import allows local image tag poisoning_CVE-2026-50195

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import proce...

containerd containerd >= 2.1.0, < 2.1.9 CVE
CRITICAL 10 CVE-2026-50160

Mass Assignment via Onboarding Endpoint Allows Unauthenticated JWT_SECRET Overwrite_CVE-2026-50160

Hoppscotch is an API development ecosystem. In self-hosted deployments of hoppscotch-backend from version 2026.4.1 and earlier, the unauthenticated...

hoppscotch hoppscotch <= 2026.4.1 CVE