Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-58449

txtai – Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter_CVE-2026-58449

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolv...

neuml txtai CVE
CRITICAL 9.3 CVE-2026-50003

OFFIS DCMTK Toolkit Path Traversal_CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, ...

OFFIS DICOM DCMTK Toolkit CVE
CRITICAL 9.3 CVE-2026-56700

Grav – Multiple Remote Code Execution Vulnerabilities via Unsafe Unserialize and Command Injection_CVE-2026-56700

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\...

Grav Grav CVE
CRITICAL 9.3 CVE-2026-56278

Flowise – Session Hijacking via Weak Default Express Session Secret_CVE-2026-56278

Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware whe...

Flowise Flowise CVE
CRITICAL 9.2 CVE-2026-56264

Crawl4AI – Arbitrary JavaScript Execution via /execute_js Endpoint_CVE-2026-56264

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which accepts and e...

Crawl4AI Crawl4AI 0.8.7 CVE
CRITICAL 10 CVE-2026-56415

OS Command Injection in StoneFly Storage Concentrator_CVE-2026-56415

Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A ...

Stonefly Storage Concentrator CVE
CRITICAL 10 CVE-2026-56413

OS Command Injection in StoneFly Storage Concentrator_CVE-2026-56413

Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default...

StoneFly Storage Concentrator CVE
CRITICAL 9.2 CVE-2026-55721

SQL Injection in StoneFly Storage Concentrator_CVE-2026-55721

Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie va...

StoneFly Storage Concentrator CVE
CRITICAL 9.3 CVE-2026-50110

Use of Hard-coded Credentials in StoneFly Storage Concentrator_CVE-2026-50110

Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the cred...

StoneFly Storage Concentrator CVE
CRITICAL 9.1 CVE-2026-7874

Weak Cryptographic Key Derivation Exposed All Stored Credentials_CVE-2026-7874

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivat...

IBM Langflow OSS 1.0.0 CVE