Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 10 CVE-2026-48276

ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)_CVE-2026-48276

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result ...

Adobe ColdFusion CVE
CRITICAL 9.1 CVE-2026-58172

Ocelot – IP Allow/Block List Bypass for WebSocket Upgrade Requests_CVE-2026-58172

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based ...

ThreeMammals Ocelot CVE
CRITICAL 9.1 CVE-2026-58166

OpenBMB ChatDev – Unauthenticated Path Traversal in Upload Handler Allows Arbitrary File Write and Delete_CVE-2026-58166

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to wri...

OpenBMB ChatDev CVE
CRITICAL 9.8 THN:18D5B5F2FBD...

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints_THN:18D5B5F2FBD829B5E2123067D35CAF01

N/A N/A THN
CRITICAL 10 8AC491E4-591B-

Exploit for Improper Access Control in Widgetfactorylimited Jce_8AC491E4-591B-5C56-8013-7E0DC7148722

CVE-2026-48907 — Joomla JCE Unauthenticated RCE Lab PSsec Educational security research lab for CVE-2026-48907. --- Overview CVE-2026-48907 is a cr...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 539AF710-2749-

Exploit for Command Injection in Php_539AF710-2749-5930-885F-F827F584855E

CVE-2012-1823 - PHP CGI Argument Injection Remote Code Execution RCE Severity: Critical CVSS 9.8 CVE: CVE-2012-1823 Published: May 11, 2012 Affecte...

N/A N/A GITHUBEXPLOIT
CRITICAL 10 47950A77-F41D-

Exploit for CVE-2026-49869_47950A77-F41D-5310-A96F-B4B94D1E4D2F

Kestra CVE-2026-49869 / CVE-2026-53576 Scanner Scans Kestra instances for the endsWith"/configs" authentication filter bypass. Kestra's Authenticat...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.9 8F43F4B9-6528-

Exploit for Authorization Bypass Through User-Controlled Key in Langflow_8F43F4B9-6528-5606-8D84-E5AAE03367BB

CVE-2026-55255 - Langflow IDOR in /api/v1/responses Executive Summary This repository contains a local Docker lab for reproducing and validating CV...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CVE-2026-43724

CVE-2026-43724_CVE-2026-43724

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be ab...

Apple iOS and iPadOS CVE
CRITICAL 9.1 CVE-2026-55276

Apache Tomcat: Logged effective web.xml is incomplete_CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not i...

Apache Software Foundation Apache Tomcat 11.0.0-M1 CVE