Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-5138

Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. Th...

Red Hat Red Hat Satellite 6 CVE
MEDIUM 6.5 CVE-2026-5135

Foreman: foreman: unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existi...

Red Hat Red Hat Satellite 6 CVE
HIGH 8.7 CVE-2026-58399

@acastellon/auth has an authentication bypass via spoofable headers in validateToken()

@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication b...

antonio-castellon module-auth < 2.3.0 CVE
HIGH 8.2 CVE-2026-2891

Poly Voice Devices (CCX, Trio, Edge E) – Potential Denial of Service

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed dat...

HP Inc CCX CVE
CRITICAL 9.1 CVE-2026-23537

Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write...

Feast Feast Feature Server CVE
MEDIUM 5.5 CVE-2026-14330

Pipewire: pulse server alloca stack overflow

Multiple unbounded alloca() calls in the PulseAudio protocol server.

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.5 CVE-2026-14324

Pipewire: raop rtsp null deref

RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.

Red Hat Red Hat Enterprise Linux 10 CVE
HIGH 7.7 CVE-2026-13602

Session takeover vulnerability

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data...

pretix pretix 4.14.0 CVE
MEDIUM 6.4 CVE-2026-12374

Improper XPC caller certificate validation and TOCTOU race condition in macOS PrivilegedHelperTool

Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client befo...

Cato Networks SDP Client 5.12.0 CVE
MEDIUM 4.3 CVE-2026-8480

Connection possible to the Administration portal with a revoked certificate

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included), 5.0.2 EA to 5.0.5 (include...

Stormshield Stormshield Network Security 4.3.0 CVE