Lucene search
K

4626 matches found

CVE
CVE
added 2026/06/12 2:10 p.m.14 views

CVE-2026-6211

CVE-2026-6211 affects Global IT Informatics Services Inc. WEOLL (2.0.9 prior to 3.2.45.33). Root cause: unrestricted upload of files with dangerous types, with ACLs not properly constraining the accessed functionality. Impact: high confidentiality and integrity risk (network-based, low privileges...

8.7CVSS5.3AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:10 p.m.12 views

EUVD-2026-36437

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...

8.7CVSS5.2AI score0.0021EPSS
Exploits0References1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.8 views

SwiftNIO: Out-of-bounds write via ByteBuffer index and length UInt32 overflow

A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding UInt32.max are passed to some ByteBuffer methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in 2.100.0 and later releases...

5.2AI score0.00042EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/11 2:47 p.m.30 views

CVE-2026-3341 IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS0.00138EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 2:41 p.m.10 views

CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

7.5CVSS5.5AI score0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 12:28 p.m.10 views

EUVD-2026-36238

Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...

5.3CVSS5.5AI score0.00417EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48671

Name of the Vulnerable Software and Affected Versions IBM Langflow Desktop versions 1.0.0 through 1.9.2 Description IBM Langflow is susceptible to server-side request forgery SSRF, a flaw where the server can be coerced into making requests to an unintended location. This issue can be triggered v...

5.4CVSS5.9AI score0.00138EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.11 views

CVE-2026-2638

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

7.3CVSS5.4AI score0.00085EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 8:39 a.m.11 views

BIT-APACHE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS5.4AI score0.0071EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/10 2:27 a.m.10 views

SUSE CVE-2026-44186

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

6.5CVSS5.4AI score0.00562EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 12:31 a.m.10 views

EUVD-2026-35892

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9CVSS5.5AI score0.00262EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48533

🚨 CVE-2026-42542 TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are...

7.5CVSS5.3AI score0.00539EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

SpiceDB 授权问题漏洞

SpiceDB is a fine-grained permission database developed by the Authzed team. In versions 1.15.0 to 1.52.0 of SpiceDB, there was an authorization vulnerability. This vulnerability stemmed from the caveat structure, which contained nested lists, potentially leading to improper caching reuse...

2.3CVSS5.3AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

NLnet Labs ldns 访问控制错误漏洞

NLnet Labs ldns is a DNS library developed by the Nlnet Foundation in the Netherlands, designed for easy programming of DNS tools. Versions 1.2.0 to 1.9.0 of NLnet Labs ldns contain access control vulnerability issues. This vulnerability arises from the fact that when used as a UDP resolver, the...

8.2CVSS5.3AI score0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:49 p.m.24 views

CVE-2026-41730

Spring Data REST is the affected component. The CVE describes that it serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence‑layer internals to HTTP clients. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4.0–4.4.14; 4...

5.3CVSS5.5AI score0.00197EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/06/09 10:7 p.m.97 views

ollama-silent-patches

OLLAMA SILENT PATCH DISCLOSURE — PUBLIC RELEASE v2 Responsi...

9.8CVSS7.3AI score0.01001EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2026/06/09 4:22 p.m.9 views

CVE-2026-42567 Svelte: ReDoS in `<svelte:element>` Tag Validation

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

5.9CVSS5.4AI score0.00421EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 11:16 a.m.12 views

CVE-2026-47350

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

5.3CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 8:46 a.m.27 views

CVE-2026-24349

The CVE-2026-24349 entry affects SIMATIC WinCC Unified PC Runtime V16–V21 (all versions up to but not including V21 Update 2). The root cause is insufficient protection of key material in WinCC Certificate Manager, which could allow an attacker to extract sensitive information. All connected sour...

8.2CVSS5.4AI score0.00057EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 3:48 a.m.9 views

CVE-2026-41715 Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References1
Rows per page
Query Builder