CVE-2026-6605 modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

CVE-2026-6600

A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...

CVE-2026-6602 rickxy Hospital Management System his_admin_account.php unrestricted upload

A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/hisadminaccount.php. The manipulation of the argument addpic results in unrestricted upload. The attack can be executed remotel...

EUVD-2026-23746

A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function removeapikeys/hasapiterms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...

EUVD-2026-23742

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The...

EUVD-2026-23729

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function downloadmodel/deletemodel of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched...

CVE-2026-6596

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function createuploadfile of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

CVE-2026-6600

The CVE affects langflow-ai langflow up to version 1.8.3, targeting the Frontend React component rendering path in src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx. A manipulation can lead to cross-site scripting (XSS); the attack may be launched remotel...

DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Service Management Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 10.3.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticat...

CVE-2026-6595

A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument busid leads to sql...

CVE-2026-6594 brikcss merge prototype pollution

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The...

EUVD-2026-23723

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function updateorganisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisationid causes authorization...

CVE-2026-6585

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function updateorganisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisationid causes authorization...

CVE-2026-6587 vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...

OpenMage Magento Lts（Magento） 安全漏洞

OpenMage Magento Lts Magento is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from potential deserialization attacks when handling phar:// paths, which could lead to...

PT-2026-33774

Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF8...

EcclesiaCRM 安全漏洞

EcclesiaCRM is a customer relationship management software for church management, developed by the French individual phili67. Versions of EcclesiaCRM 8.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of the custom parameter in the...

ROS-20260420-73-0040

Vulnerability in beats related to uncontrolled memory allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260420-73-0023

Vulnerability in python-aiohttp related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260420-73-0008

A vulnerability in the PKCS12itemdecryptd2iex function of the OpenSSL library is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...