Publicly disclosed vulnerabilities discovered by or reported to Fluid Attacks
AI SAST Scanner
Akaunting 3.1.21 - Authenticated stored XSS in report description rendering
4.8 Medium
CVE-2026-11994
Published date: Jun 19, 2026
Detected by Fluid Attacks AI SAST Scanner, disclosed by Oscar Naveda

AI SAST Scanner
Stored XSS via missing XSS safety check in Admin2 Pages API partial validation
5.1 Medium
CVE-2026-11982
Published date: Jun 18, 2026
Detected by Fluid Attacks AI SAST Scanner, disclosed by Santiago Alvarez

Our pentesters
Plane 1.3.1 - Stored XSS in intake issue description_html
6.9 Medium
CVE-2026-10850
Published date: Jun 17, 2026
Discovered by Oscar Naveda

AI SAST Scanner
Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint
5.1 Medium
CVE-2026-10715
Published date: Jun 12, 2026
Detected by Fluid Attacks AI SAST Scanner, disclosed by Oscar Naveda

External pentesters
openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail
7.1 High
CVE-2026-8406
Published date: Jun 11, 2026
Discovered by Daniel Esteban Celis

Our pentesters
X-VPN macOS website versions 77.0–77.5 - Local Privilege Escalation
7.3 High
CVE-2026-2638
Published date: Jun 7, 2026
Discovered by Oscar Uribe

AI SAST Scanner
ERPNext 16.16.0 - Stored XSS in POS cart item rendering
4.8 Medium
CVE-2026-42839
Published date: Jun 3, 2026
Detected by Fluid Attacks AI SAST Scanner, disclosed by Oscar Naveda

AI SAST Scanner
ERPNext 16.16.0 - Stored XSS in POS customer section via unescaped template literals
5.1 Medium
CVE-2026-42840
Published date: Jun 3, 2026
Detected by Fluid Attacks AI SAST Scanner, disclosed by Oscar Naveda


Learn about our policy for disclosing advisories of vulnerabilities in third-party, open-source products.


Start your 21-day free trial
Discover the benefits of our Continuous Hacking solution, which organizations of all sizes are already enjoying.

Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.
© 2026 Fluid Attacks. We hack your software.