Publicly disclosed vulnerabilities discovered by or reported to Fluid Attacks

Search by term

Search filters

Discovered by

All

Severity

All

External pentesters

osTicket v1.18.3 - v1,17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure

7.1

High

CVE-2026-14871

Published date:

Jul 17, 2026

Discovered by

Juan Felipe Osorio Z

External pentesters

openSIS Classic 9.3 - Authenticated path traversal in SentMail attachment download

5.3

Medium

CVE-2026-11944

Published date:

Jul 9, 2026

Discovered by

Daniel Esteban Celis

Our pentesters

PayloadCMS 3.84.1 - Authenticated account lockout bypass through default unlock access

5.3

Medium

CVE-2026-11779

Published date:

Jun 26, 2026

Discovered by

Oscar Naveda

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Tree View node label rendering

4.8

Medium

CVE-2026-50712

Published date:

Jun 24, 2026

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Number Card filter fields rendering

4.6

Medium

CVE-2026-50711

Published date:

Jun 24, 2026

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS via eval in Number Card filters_config

4.6

Medium

CVE-2026-50710

Published date:

Jun 24, 2026

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering

4.8

Medium

CVE-2026-50709

Published date:

Jun 24, 2026

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering

4.8

Medium

CVE-2026-50708

Published date:

Jun 24, 2026

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

Load more

Search by term

Search filters

Discovered by

All

Severity

All

External pentesters

osTicket v1.18.3 - v1,17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure

7.1

High

CVE-2026-14871

Published date:

Jul 17, 2026

Discovered by

Juan Felipe Osorio Z

External pentesters

openSIS Classic 9.3 - Authenticated path traversal in SentMail attachment download

5.3

Medium

CVE-2026-11944

Published date:

Jul 9, 2026

Discovered by

Daniel Esteban Celis

Our pentesters

PayloadCMS 3.84.1 - Authenticated account lockout bypass through default unlock access

5.3

Medium

CVE-2026-11779

Published date:

Jun 26, 2026

Discovered by

Oscar Naveda

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Tree View node label rendering

4.8

Medium

CVE-2026-50712

Published date:

Jun 24, 2026

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Number Card filter fields rendering

4.6

Medium

CVE-2026-50711

Published date:

Jun 24, 2026

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS via eval in Number Card filters_config

4.6

Medium

CVE-2026-50710

Published date:

Jun 24, 2026

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering

4.8

Medium

CVE-2026-50709

Published date:

Jun 24, 2026

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering

4.8

Medium

CVE-2026-50708

Published date:

Jun 24, 2026

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

Load more

Search by term

Search filters

Discovered by

All

Severity

All

External pentesters

osTicket v1.18.3 - v1,17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure

7.1

High

CVE-2026-14871

Published date:

Jul 17, 2026

Discovered by

Juan Felipe Osorio Z

External pentesters

openSIS Classic 9.3 - Authenticated path traversal in SentMail attachment download

5.3

Medium

CVE-2026-11944

Published date:

Jul 9, 2026

Discovered by

Daniel Esteban Celis

Our pentesters

PayloadCMS 3.84.1 - Authenticated account lockout bypass through default unlock access

5.3

Medium

CVE-2026-11779

Published date:

Jun 26, 2026

Discovered by

Oscar Naveda

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Tree View node label rendering

4.8

Medium

CVE-2026-50712

Published date:

Jun 24, 2026

Discovered by

Oscar Uribe

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Number Card filter fields rendering

4.6

Medium

CVE-2026-50711

Published date:

Jun 24, 2026

Discovered by

Oscar Uribe

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS via eval in Number Card filters_config

4.6

Medium

CVE-2026-50710

Published date:

Jun 24, 2026

Discovered by

Oscar Uribe

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering

4.8

Medium

CVE-2026-50709

Published date:

Jun 24, 2026

Discovered by

Oscar Uribe

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

AI SAST Scanner

Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering

4.8

Medium

CVE-2026-50708

Published date:

Jun 24, 2026

Discovered by

Oscar Uribe

Detected by

Fluid Attacks AI SAST Scanner,

disclosed by

Oscar Uribe

Load more

Learn about our policy for disclosing advisories of vulnerabilities in third-party, open-source products.

Start your 21-day free trial

Discover the benefits of the Fluid Attacks solution, which organizations of all sizes are already enjoying.

Start your 21-day free trial

Discover the benefits of the Fluid Attacks solution, which organizations of all sizes are already enjoying.

Start your 21-day free trial

Discover the benefits of the Fluid Attacks solution, which organizations of all sizes are already enjoying.

Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.

Get an AI summary of Fluid Attacks

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

© 2026 Fluid Attacks. We hack your software.

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

Get an AI summary of Fluid Attacks

© 2026 Fluid Attacks. We hack your software.

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

Get an AI summary of Fluid Attacks

© 2026 Fluid Attacks. We hack your software.