Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.4 CVE-2026-12374

Improper XPC caller certificate validation and TOCTOU race condition in macOS PrivilegedHelperTool

Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client befo...

Cato Networks SDP Client 5.12.0 CVE
MEDIUM 4.3 CVE-2026-8480

Connection possible to the Administration portal with a revoked certificate

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included), 5.0.2 EA to 5.0.5 (include...

Stormshield Stormshield Network Security 4.3.0 CVE
CRITICAL 9.3 CVE-2026-58127

PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj...

Hyland PACSgear MediaWriter 5.2.1 CVE
CRITICAL 9.3 CVE-2026-58126

PACSgear PACS Scan 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary f...

Hyland PACSgear PACS Scan 5.2.1 CVE
LOW 2.1 CVE-2026-58036

Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with...

Wikimedia Foundation MediaWiki 1.46.0-rc.0 CVE
MEDIUM 5.3 CVE-2026-58033

“Total number of distinct authors” statistic at action=info does not exclude revisions where the author name was deleted

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with...

Wikimedia Foundation MediaWiki * CVE
MEDIUM 5.3 CVE-2026-58032

mw.Api.getErrorMessage() may return injected HTML if used without errorformat=html

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This...

Wikimedia Foundation MediaWiki * CVE
MEDIUM 5.3 CVE-2026-58030

SyntaxHighlight stored XSS via unsanitized ‘linelinks’ attribute

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation SyntaxHighlight_G...

Wikimedia Foundation SyntaxHighlight_GeSHi * CVE
MEDIUM 5.3 CVE-2026-58029

Full Account Takeover from BotPasswords and OAuth via action=changeauthenticationdata

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php...

Wikimedia Foundation MediaWiki * CVE
MEDIUM 5.3 CVE-2026-58027

QueryAbuseFilter API can be used to see the hit count of private filters, which is hidden in the UI

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated wi...

Wikimedia Foundation AbuseFilter * CVE