Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-13821

CVE-2026-13821_CVE-2026-13821

Use after free in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...

Google Chrome 150.0.7871.47 CVE
MEDIUM 5.3 CVE-2026-20457

CVE-2026-20457_CVE-2026-20457

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to ...

MediaTek, Inc. MediaTek chipset MT2735 CVE
CRITICAL 9.1 CVE-2026-14198

@fastify/middie vulnerable to authorization bypass via encoded slash in path parameter values_CVE-2026-14198

@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fast...

Fastify @fastify/middie 9.1.0 CVE
HIGH 7.5 CVE-2026-14181

@fastify/middie standalone engine vulnerable to Denial of Service via malformed percent-encoded paths_CVE-2026-14181

@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the URL normalization step used by the standalone engine when incoming request paths con...

@fastify/middie @fastify/middie 9.1.0 CVE
MEDIUM 4.1 CVE-2026-13323

CVE-2026-13323_CVE-2026-13323

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-S...

Eclipse Foundation Eclipse Open VSX 0.1.0 CVE
LOW 2.4 CVE-2026-8387

Relative Path Traversal in allegroai/clearml_CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting `.zip` archives using t...

allegroai allegroai/clearml unspecified CVE
HIGH 8.1 CVE-2026-5120

Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026_CVE-2026-5120

A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from...

Dassault Systèmes BIOVIA Workbook Release 2021 Golden CVE
MEDIUM 5.3 CVE-2026-53909

Arbitrary File Upload in MCO_CVE-2026-53909

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypas...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 6.9 CVE-2026-53908

User Enumeration in MCO_CVE-2026-53908

MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid a...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 4.8 CVE-2026-53907

Stored Cross‑Site Scripting in MCO_CVE-2026-53907

MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the ap...

MyComplianceOffice MCO 25.3.3.1 CVE