Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-53905

Unauthorized Access to Administrator ACL View in MCO_CVE-2026-53905

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An aut...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 6.3 CVE-2026-53904

Account Denial of Service in MCO_CVE-2026-53904

MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalida...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 5.3 CVE-2026-53903

Insecure Direct Object Reference in MCO_CVE-2026-53903

MCO is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatemen...

MyComplianceOffice MCO 25.3.3.1 CVE
HIGH 7.1 CVE-2026-53902

Privilege Escalation in MCO_CVE-2026-53902

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated...

MyComplianceOffice MCO 25.3.3.1 CVE
HIGH 8.8 CVE-2026-5136

Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation_CVE-2026-5136

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. Thi...

Red Hat Red Hat Satellite 6 CVE
CRITICAL 9.8 CVE-2026-57692

WordPress PrivateContent plugin <= 9.9.2 - Privilege Escalation vulnerability_CVE-2026-57692

Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a thro...

LCweb PrivateContent n/a CVE
HIGH 8.8 THN:45DBF678A05...

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android_THN:45DBF678A05E043F3FDBB5FE129695AB

N/A N/A THN
CRITICAL 9 CVE-2026-13603

SSRF with API key leak in pretix-oppwa_CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's techno...

pretix pretix-oppwa CVE
HIGH 8.1 E4BC4653-1B76-

harfbuzz-stch-oob-write_E4BC4653-1B76-59F0-83C7-DDDABD36A472

HarfBuzz applystch — Integer Overflow → Heap OOB Write. Crash harness, trigger font, and browser PoC for the integer overflow in HarfBuzz's applystc...

N/A N/A GITHUBEXPLOIT
HIGH 8.1 D7683152-09DF-

Exploit for Cross-Site Request Forgery (CSRF) in Apple Safari_D7683152-09DF-5A98-A55B-3490F8CFF60E

CVE-2026-43735 WebKit cross-domain information leakage. Safari = 26.5.2: PATCHED NavigateEvent.sourceElement is null...

N/A N/A GITHUBEXPLOIT