CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 5 days ago•10 views

CVE-2026-48768

TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any...

9.3CVSS0.00268EPSS

Cvelist•added 6 days ago•20 views

CVE-2026-48768 TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName

9.3CVSS0.00268EPSS

CVE•added 6 days ago•15 views

CVE-2026-48768

TypeBot (versions ≤ 3.16.1) exposes an unauthenticated generate-upload-url API (/api/blocks/file-input/v3/generate-upload-url) that uses unsanitized fileName to derive public S3 keys and issues presigned PUT URLs that do not bind Content-Type. This allows anonymous users of a published bot with a...

9.3CVSS5.4AI score0.00268EPSS

NVD•added 6 days ago•8 views

CVE-2026-48820

CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::getElementFileName does not check that the resolved element path is within the application/plugin view template paths...

6.3CVSS0.00258EPSS

CVE•added 2026/06/15 12:0 a.m.•11 views

CVE-2026-50877

CVE-2026-50877 affects Zhoros SuperBin v1.0.0. An attacker can trigger a directory traversal by supplying files whose names include traversal characters, potentially impacting file handling on the affected system. The vulnerability is reported with network attack vector, low complexity, no privil...

7.5CVSS5.5AI score0.00577EPSS

IBM Security Bulletins•added 2026/06/12 6:59 p.m.•6 views

Security Bulletin: Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint

Summary IBM Langflow Desktop contains a vulnerability in its image retrieval functionality where the GET /api/v1/files/images/flowid/filename endpoint fails to enforce authentication and ownership validation, allowing any unauthenticated user to access image files by supplying a valid flow...

7.5CVSS5.2AI score0.0034EPSS

Exploits0Affected Software1

CVE•added 2026/06/12 3:56 p.m.•10 views

CVE-2026-6961

Mattermost CVE-2026-6961 affects Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, and 10.11.x <= 10.11.15/10.11.x

7.6CVSS5.5AI score0.00294EPSS

Exploits0References1Affected Software1

OSV•added 2026/06/12 9:5 a.m.•4 views

BIT-GITLAB-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

3.7CVSS5.4AI score0.00247EPSS

Exploits0References4

RedHat Linux•added 2026/06/11 1:40 p.m.•7 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS7AI score0.00643EPSS

Exploits1References8

NVD•added 2026/06/11 12:16 p.m.•9 views

CVE-2026-6976

3.7CVSS0.00247EPSS

OSV•added 2026/06/11 12:16 p.m.•5 views

UBUNTU-CVE-2026-6976

3.7CVSS5.3AI score0.00247EPSS

Exploits0References5

Vulnrichment•added 2026/06/11 10:20 a.m.•5 views

CVE-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab

3.7CVSS5.5AI score0.00247EPSS

CVE•added 2026/06/11 10:20 a.m.•41 views

CVE-2026-6976

GitLab CVE-2026-6976 affects GitLab CE/EE with versions 15.9–1x prior to 18.10.8, 18.11 prior to 18.11.5, and 19.0 prior to 19.0.2. An authenticated user with developer permissions could, under certain conditions, hide changes in merge request diff views due to improper input handling of file nam...

3.7CVSS5.5AI score0.00247EPSS

Exploits0References3Affected Software1

EUVD•added 2026/06/11 10:20 a.m.•7 views

EUVD-2026-36228

3.7CVSS5.5AI score0.00247EPSS

Cvelist•added 2026/06/11 10:20 a.m.•22 views

CVE-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab

3.7CVSS0.00247EPSS

RedhatCVE•added 2026/06/10 9:1 p.m.•6 views

CVE-2026-47643

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score0.00503EPSS

NVD•added 2026/06/10 4:17 p.m.•10 views

CVE-2026-45569

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 "Expand validation to block .. in configfilename and configver for improved security" added a line in app/modules/config/config.py:462. This is tuple-membership, no...

8.1CVSS0.00316EPSS

Cvelist•added 2026/06/10 2:0 p.m.•32 views

CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...

9.9CVSS0.00372EPSS