Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.9 CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generate_id method builds the s...

MARKSTOS CGI::Session::ID::md5 CVE
HIGH 7.6 CVE-2026-6687

FatFs Stack Buffer Overflow via Uncapped exFAT Label Length

FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec ...

ChaN FatFs CVE
MEDIUM 4.6 CVE-2026-6686

FatFs Use of Uninitialized Clusters After Seek Past EOF

FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clu...

ChaN FatFs CVE
MEDIUM 6.1 CVE-2026-6685

FatFs Integer Underflow in Dirty-Sector Cache Flush

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp->sect - sect < cc) during inter...

ChaN FatFs CVE
MEDIUM 4.6 CVE-2026-6684

FatFs Infinite Loop in GPT Partition Scan

FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue where an unbounded loop count derived from GPT header field GPTH_P...

ChaN FatFs CVE
MEDIUM 4.6 CVE-2026-6683

FatFs Divide-by-Zero in exFAT Sync

FatFs R0.16 and earlier contains a divide-by-zero bug in exFAT sync logic when crafted metadata causes n_fatent - 2 to be zero during write/sync op...

ChaN FatFs CVE
HIGH 7.6 CVE-2026-6682

FatFs Integer Overflow in FAT32 Volume Mount

FatFs R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs->n_fats can wrap, leading to attacker-control...

ChaN FatFs CVE
MEDIUM 5.4 CVE-2026-6283

Stored XSS in DivvyDrive Information Technologies’ DivvyDrive

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. Divv...

DivvyDrive Information Technologies Inc. DivvyDrive v.4.8.2.23 CVE
MEDIUM 6.4 CVE-2026-5220

Stored XSS in DivvyDrive Information Technologies’ DivvyDrive

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. Divv...

DivvyDrive Information Technologies Inc. DivvyDrive 4.8.2.23 CVE
MEDIUM 6.5 CVE-2026-5142

Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH...

Red Hat Red Hat Satellite 6 CVE