Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-54592

Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input_CVE-2026-54592

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked re...

ohler55 oj < 3.17.3 CVE
HIGH 8.8 CVE-2026-52868

OFFIS DCMTK Toolkit Path Traversal_CVE-2026-52868

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deploymen...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 8.7 CVE-2026-50254

OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime_CVE-2026-50254

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-p...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 8.7 CVE-2026-35505

OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime_CVE-2026-35505

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows u...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 7.4 CVE-2026-11541

IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling_CVE-2026-11541

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP requ...

IBM WebSphere Application Server 9.0 CVE
HIGH 7.5 CVE-2026-57585

MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error_CVE-2026-57585

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a...

msgpack msgpack-python < 1.2.1 CVE
HIGH 8.7 CVE-2026-57995

phpMyFAQ – Privilege Escalation via Missing Self-Rights Constraint in GroupController::updatePermissions_CVE-2026-57995

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_EDIT administrators to ...

phpMyFAQ phpMyFAQ CVE
HIGH 7.1 CVE-2026-56328

Capgo – Integrity Issue in Release Routing via Multiple Public Channels_CVE-2026-56328

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests with...

Capgo Capgo CVE
HIGH 7.1 CVE-2026-56320

Capgo – Org/App Scope Mismatch in Device Creation Endpoint_CVE-2026-56320

Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts a caller-supplied org_id parameter without validat...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56300

Capgo – Unauthenticated API Key Validity and Permission Oracle via RPC Functions_CVE-2026-56300

Capgo before 12.128.2 contains unauthenticated security definer RPC functions get_user_id and get_org_perm_for_apikey that expose API key validity ...

Capgo Capgo CVE