Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.1 CVE-2026-14198

@fastify/middie vulnerable to authorization bypass via encoded slash in path parameter values

@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fast...

Fastify @fastify/middie 9.1.0 CVE
HIGH 7.5 CVE-2026-14181

@fastify/middie standalone engine vulnerable to Denial of Service via malformed percent-encoded paths

@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the URL normalization step used by the standalone engine when incoming request paths con...

@fastify/middie @fastify/middie 9.1.0 CVE
MEDIUM 4.1 CVE-2026-13323

CVE-2026-13323

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-S...

Eclipse Foundation Eclipse Open VSX 0.1.0 CVE
LOW 2.4 CVE-2026-8387

Relative Path Traversal in allegroai/clearml

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting `.zip` archives using t...

allegroai allegroai/clearml unspecified CVE
HIGH 8.1 CVE-2026-5120

Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026

A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from...

Dassault Systèmes BIOVIA Workbook Release 2021 Golden CVE
MEDIUM 5.3 CVE-2026-53909

Arbitrary File Upload in MCO

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypas...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 6.9 CVE-2026-53908

User Enumeration in MCO

MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid a...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 4.8 CVE-2026-53907

Stored Cross‑Site Scripting in MCO

MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the ap...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 5.1 CVE-2026-53906

Path Disclosure and Path Traversal in MCO

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of th...

MyComplianceOffice MCO 25.3.3.1 CVE
MEDIUM 5.3 CVE-2026-53905

Unauthorized Access to Administrator ACL View in MCO

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An aut...

MyComplianceOffice MCO 25.3.3.1 CVE