Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-56327

Capgo – Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPC_CVE-2026-56327

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated at...

Capgo Capgo CVE
MEDIUM 6.9 CVE-2026-56318

Capgo – Information Disclosure via /private/validate_password_compliance Endpoint_CVE-2026-56318

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validate_password_compliance endpoint that returns different...

Capgo Capgo CVE
MEDIUM 6.9 CVE-2026-56277

Flowise – Hardcoded CORS Wildcard in TTS Endpoint_CVE-2026-56277

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard (*) on its text-to-speech (TTS) generation endpoint (packages/server/...

Flowise Flowise CVE
MEDIUM 5.1 CVE-2026-56224

Capgo – Login CSRF and Session Fixation via URL Query Parameters_CVE-2026-56224

Capgo console.capgo.app/login before 12.128.2 accepts access_token and refresh_token in URL query parameters, automatically authenticating users wi...

Capgo Capgo CVE
MEDIUM 5.1 CVE-2026-50040

Cross-site Scripting in StoneFly Storage Concentrator_CVE-2026-50040

Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. A...

StoneFly Storage Concentrator CVE
MEDIUM 5.6 CVE-2026-28322

SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability_CVE-2026-28322

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to...

SolarWinds Database Performance Analyzer 2026.1 and below CVE
MEDIUM 6.9 CVE-2025-71381

Hono – Vary Header Injection in CORS Middleware_CVE-2025-71381

Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its CORS middleware: when the origin is not set to "*", the middleware copies the Vary head...

Hono Hono CVE
MEDIUM 6.3 CVE-2026-55223

c3p0 exposes a deserialization “sink” via JDBC DataSource bean properties_CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for des...

swaldman c3p0 < 0.14.0 CVE
MEDIUM 6.5 CVE-2026-9002

IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled_CVE-2026-9002

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the...

IBM WebSphere Extreme Scale 8.6.1.0 CVE
MEDIUM 4.7 CVE-2026-3602

IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection_CVE-2026-3602

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is...

IBM App Connect Enterprise 13.0.1.0 CVE