Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.1 CVE-2026-13323

CVE-2026-13323

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-S...

Eclipse Foundation Eclipse Open VSX 0.1.0 CVE
LOW 2.4 CVE-2026-8387

Relative Path Traversal in allegroai/clearml

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting `.zip` archives using t...

allegroai allegroai/clearml unspecified CVE
HIGH 8.1 CVE-2026-5120

Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026

A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from...

Dassault Systèmes BIOVIA Workbook Release 2021 Golden CVE
MEDIUM 5.3 CVE-2026-53909

Arbitrary File Upload in MCO

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypas...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 6.9 CVE-2026-53908

User Enumeration in MCO

MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid a...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 4.8 CVE-2026-53907

Stored Cross‑Site Scripting in MCO

MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the ap...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 5.1 CVE-2026-53906

Path Disclosure and Path Traversal in MCO

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of th...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 5.3 CVE-2026-53905

Unauthorized Access to Administrator ACL View in MCO

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An aut...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 6.3 CVE-2026-53904

Account Denial of Service in MCO

MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalida...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 5.3 CVE-2026-53903

Insecure Direct Object Reference in MCO

MCO is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatemen...

MyComplianceOffice MCO 25.3.3.1 CVE