Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-54261

Wagtail: Improper permission handling in image preview_CVE-2026-54261

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check...

wagtail wagtail < 7.0.8 CVE
MEDIUM 4.3 CVE-2026-54260

Wagtail: Denial of service via unbounded filter specs in the image preview_CVE-2026-54260

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can t...

wagtail wagtail < 7.0.8 CVE
MEDIUM 4.3 CVE-2026-54259

Wagtail: Improper restriction handling on Documents and Images chosen endpoints_CVE-2026-54259

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser'...

wagtail wagtail < 7.0.8 CVE
MEDIUM 5.9 CVE-2026-55793

Craft CMS: Stored XSS via Structure entry title in table view_CVE-2026-55793

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious Java...

craftcms cms >= 5.0.0-RC1, < 5.9.23 CVE
HIGH 7.1 CVE-2026-50284

Craft CMS: Missing peer-permission check in `AssetsController::actionDeleteFolder` allows deletion of other users’ assets_CVE-2026-50284

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, the AssetsController::actionDele...

craftcms cms >= 5.0.0-RC1, < 5.9.22 CVE
MEDIUM 5.3 CVE-2026-50283

Craft CMS: Unauthorized Deletion of Source Assets During File Replacement_CVE-2026-50283

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in ...

craftcms cms >= 5.0.0-RC1, < 5.9.21 CVE
HIGH 7.6 CVE-2026-14440

Cloudflare Universal SSL automatically managed CAA RRset supersedes customer-configured CAA records_CVE-2026-14440

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset...

Cloudflare Universal SSL CVE
HIGH 7.4 CVE-2026-55790

Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget_CVE-2026-55790

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub ...

craftcms cms >= 5.0.0-RC1, < 5.9.23 CVE
CRITICAL 9.4 CVE-2026-14439

Path Traversal in Altium Git Service Allows Remote Code Execution_CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequenc...

Altium Altium Enterprise Server CVE
HIGH 8.7 CVE-2026-55794

Craft CMS: Potential authenticated Remote Code Execution via referrer redirect_CVE-2026-55794

Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries c...

craftcms cms >= 5.9.0, < 5.10.0 CVE