Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.6 CVE-2026-6684

FatFs Infinite Loop in GPT Partition Scan_CVE-2026-6684

FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue where an unbounded loop count derived from GPT header field GPTH_P...

ChaN FatFs CVE
MEDIUM 4.6 CVE-2026-6683

FatFs Divide-by-Zero in exFAT Sync_CVE-2026-6683

FatFs R0.16 and earlier contains a divide-by-zero bug in exFAT sync logic when crafted metadata causes n_fatent - 2 to be zero during write/sync op...

ChaN FatFs CVE
HIGH 7.6 CVE-2026-6682

FatFs Integer Overflow in FAT32 Volume Mount_CVE-2026-6682

FatFs R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs->n_fats can wrap, leading to attacker-control...

ChaN FatFs CVE
MEDIUM 5.4 CVE-2026-6283

Stored XSS in DivvyDrive Information Technologies’ DivvyDrive_CVE-2026-6283

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. Divv...

DivvyDrive Information Technologies Inc. DivvyDrive v.4.8.2.23 CVE
MEDIUM 6.4 CVE-2026-5220

Stored XSS in DivvyDrive Information Technologies’ DivvyDrive_CVE-2026-5220

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. Divv...

DivvyDrive Information Technologies Inc. DivvyDrive 4.8.2.23 CVE
MEDIUM 6.5 CVE-2026-5142

Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass_CVE-2026-5142

A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH...

Red Hat Red Hat Satellite 6 CVE
MEDIUM 4.3 CVE-2026-5138

Foreman: foreman: information disclosure via improper validation of nested request parameters_CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. Th...

Red Hat Red Hat Satellite 6 CVE
MEDIUM 6.5 CVE-2026-5135

Foreman: foreman: unauthorized modification of host configurations via broken access control_CVE-2026-5135

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existi...

Red Hat Red Hat Satellite 6 CVE
HIGH 8.7 CVE-2026-58399

@acastellon/auth has an authentication bypass via spoofable headers in validateToken()_CVE-2026-58399

@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication b...

antonio-castellon module-auth < 2.3.0 CVE
HIGH 8.2 CVE-2026-2891

Poly Voice Devices (CCX, Trio, Edge E) – Potential Denial of Service_CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed dat...

HP Inc CCX CVE