Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 10 8AC491E4-591B-

Exploit for Improper Access Control in Widgetfactorylimited Jce_8AC491E4-591B-5C56-8013-7E0DC7148722

CVE-2026-48907 — Joomla JCE Unauthenticated RCE Lab PSsec Educational security research lab for CVE-2026-48907. --- Overview CVE-2026-48907 is a cr...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 539AF710-2749-

Exploit for Command Injection in Php_539AF710-2749-5930-885F-F827F584855E

CVE-2012-1823 - PHP CGI Argument Injection Remote Code Execution RCE Severity: Critical CVSS 9.8 CVE: CVE-2012-1823 Published: May 11, 2012 Affecte...

N/A N/A GITHUBEXPLOIT
CRITICAL 10 47950A77-F41D-

Exploit for CVE-2026-49869_47950A77-F41D-5310-A96F-B4B94D1E4D2F

Kestra CVE-2026-49869 / CVE-2026-53576 Scanner Scans Kestra instances for the endsWith"/configs" authentication filter bypass. Kestra's Authenticat...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.9 8F43F4B9-6528-

Exploit for Authorization Bypass Through User-Controlled Key in Langflow_8F43F4B9-6528-5606-8D84-E5AAE03367BB

CVE-2026-55255 - Langflow IDOR in /api/v1/responses Executive Summary This repository contains a local Docker lab for reproducing and validating CV...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CVE-2026-43724

CVE-2026-43724_CVE-2026-43724

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be ab...

Apple iOS and iPadOS CVE
CRITICAL 9.1 CVE-2026-55276

Apache Tomcat: Logged effective web.xml is incomplete_CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not i...

Apache Software Foundation Apache Tomcat 11.0.0-M1 CVE
CRITICAL 9.1 CVE-2026-39868

CVE-2026-39868_CVE-2026-39868

This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be abl...

Apple iOS and iPadOS CVE
CRITICAL 9.1 CVE-2026-53434

Apache Tomcat: Invalid CRL configuration doesn’t trigger failure for FFM Connector_CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for an FFM-based connector. This issue affects Apa...

Apache Software Foundation Apache Tomcat 11.0.0-M1, 10.1.0-M7, 9.0.83 CVE
CRITICAL 9.1 CVE-2026-6556

@fastify/express vulnerable to middleware bypass via non-string mount paths in prefixed plugins_CVE-2026-6556

@fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-strin...

@fastify/express @fastify/express CVE
CRITICAL 9.3 CVE-2026-58116

LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path_CVE-2026-58116

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code...

hiyouga LlamaFactory 0.9.5 CVE