Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.1 CVE-2026-53906

Path Disclosure and Path Traversal in MCO_CVE-2026-53906

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of th...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 5.3 CVE-2026-53905

Unauthorized Access to Administrator ACL View in MCO_CVE-2026-53905

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An aut...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 6.3 CVE-2026-53904

Account Denial of Service in MCO_CVE-2026-53904

MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalida...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 5.3 CVE-2026-53903

Insecure Direct Object Reference in MCO_CVE-2026-53903

MCO is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatemen...

MyComplianceOffice MCO 25.3.3.1 CVE
HIGH 7.1 CVE-2026-53902

Privilege Escalation in MCO_CVE-2026-53902

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated...

MyComplianceOffice MCO 25.3.3.1 CVE
HIGH 8.8 CVE-2026-5136

Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation_CVE-2026-5136

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. Thi...

Red Hat Red Hat Satellite 6 CVE
CRITICAL 9.8 CVE-2026-57692

WordPress PrivateContent plugin <= 9.9.2 - Privilege Escalation vulnerability_CVE-2026-57692

Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a thro...

LCweb PrivateContent n/a CVE
HIGH 8.8 THN:45DBF678A05...

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android_THN:45DBF678A05E043F3FDBB5FE129695AB

N/A N/A THN
CRITICAL 9 CVE-2026-13603

SSRF with API key leak in pretix-oppwa_CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's techno...

pretix pretix-oppwa CVE
HIGH 8.1 E4BC4653-1B76-

harfbuzz-stch-oob-write_E4BC4653-1B76-59F0-83C7-DDDABD36A472

HarfBuzz applystch — Integer Overflow → Heap OOB Write. Crash harness, trigger font, and browser PoC for the integer overflow in HarfBuzz's applystc...

N/A N/A GITHUBEXPLOIT