Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.1 CVE-2026-23537

Feast: unauthenticated arbitrary file write_CVE-2026-23537

A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write...

Feast Feast Feature Server CVE
MEDIUM 5.5 CVE-2026-14330

Pipewire: pulse server alloca stack overflow_CVE-2026-14330

Multiple unbounded alloca() calls in the PulseAudio protocol server.

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.5 CVE-2026-14324

Pipewire: raop rtsp null deref_CVE-2026-14324

RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.

Red Hat Red Hat Enterprise Linux 10 CVE
HIGH 7.7 CVE-2026-13602

Session takeover vulnerability_CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data...

pretix pretix 4.14.0 CVE
MEDIUM 6.4 CVE-2026-12374

Improper XPC caller certificate validation and TOCTOU race condition in macOS PrivilegedHelperTool_CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client befo...

Cato Networks SDP Client 5.12.0 CVE
MEDIUM 4.3 CVE-2026-8480

Connection possible to the Administration portal with a revoked certificate_CVE-2026-8480

A vulnerability was discovered on Stormshield Network Security 4.3.0  to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (include...

Stormshield Stormshield Network Security 4.3.0 CVE
CRITICAL 9.3 CVE-2026-58127

PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service_CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj...

Hyland PACSgear MediaWriter 5.2.1 CVE
CRITICAL 9.3 CVE-2026-58126

PACSgear PACS Scan 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service_CVE-2026-58126

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary f...

Hyland PACSgear PACS Scan 5.2.1 CVE
LOW 2.1 CVE-2026-58036

Users API leaks whether privileged users have their user groups disabled for lack of 2FA_CVE-2026-58036

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with...

Wikimedia Foundation MediaWiki 1.46.0-rc.0 CVE
MEDIUM 5.3 CVE-2026-58033

“Total number of distinct authors” statistic at action=info does not exclude revisions where the author name was deleted_CVE-2026-58033

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with...

Wikimedia Foundation MediaWiki * CVE