Security Advisories
Real-world vulnerabilities discovered and responsibly disclosed by turingpoint in widely used open-source and enterprise software.
Security Research
Published Advisories
turingpoint conducts active security research on widely used open-source and enterprise software. Many of these vulnerabilities surface directly during penetration tests for our clients. The following findings were identified by us, disclosed in coordination with the vendors (coordinated disclosure), and published as CVEs once a patch became available.
| Date | Product | CVE | Vulnerability | CVSS |
| --- | --- | --- | --- | --- |
| 2026-05-30 | Wekan | pending | Arbitrary file read + DoS via `versions.original.path` in attachments | 7.1 · High |
| 2026-04-26 | Headplane | CVE-2026-46484 | Path traversal + RBAC bypass in `renameNode` | 8.1 · High |
| 2026-04-24 | authentik | CVE-2026-42849 | Reflected XSS in the SFE AutosubmitStage via OAuth2 `redirect_uri`/`state` | 9.3 · Critical |
| 2026-04-24 | Argo CD | CVE-2026-45738 | Stored XSS via the `link.argocd.argoproj.io/*` annotation | 7.3 · High |
| 2026-04-23 | ILIAS | pending | Blind SQL injection in the MyStaff lists via `_table_nav` (whitelist bypass) | 9.3 · Critical |
Coordinated Disclosure
turingpoint follows the principle of coordinated disclosure: vulnerabilities we find are first reported confidentially to the affected vendor and only documented publicly once a patch is available. This gives users the opportunity to secure their systems before technical details become known.
This Expertise for Your Software
Our team finds critical vulnerabilities in production software before attackers do. Have your applications tested by the same specialists, with a penetration test from turingpoint.
