1040 matches found
Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting
Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of...
Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()
Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...
CVE-2026-15519
A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...
CVE-2026-15519 usestrix PyPI system_prompt.jinja inclusion of functionality from untrusted control sphere
A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...
CVE-2026-15519
The CVE-2026-15519 entry affects usestrix strix up to 1.0.2, specifically the PyPI Handler’s file system_prompt.jinja. A manipulation can cause inclusion of functionality from an untrusted control sphere. The vulnerability is exploitable remotely with network impact and a high attack complexity; ...
CVE-2026-11546
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled...
Exposure of Resource to Wrong Sphere
Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the TokenKeyResolver function. An attacker can bypass authentication and gain unauthorized access by exploiting the shared static JWKS cache across multiple schemes, allowing a key fetched for one...
Exposure of Resource to Wrong Sphere
Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the TokenKeyResolver function. An attacker can bypass authentication and gain unauthorized access by exploiting the shared static JWKS cache across multiple schemes, allowing a key fetched for one...
CVE-2026-22283
Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
CVE-2026-22283
Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
EUVD-2026-37726
Dell PowerFlex Manager, versions Version prior to 4.8, contains an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
CVE-2026-22283
Dell PowerFlex Manager before version 4.8 is affected by CVE-2026-22283 (Inclusion of Functionality from Untrusted Control Sphere). An unauthenticated attacker with remote access could trigger information disclosure. Affected product: Dell PowerFlex Manager; vulnerable component/behavior not furt...
CVE-2026-22283
Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
PT-2026-50431
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 4.8 Description An unauthenticated attacker with remote access can exploit the inclusion of functionality from an untrusted control sphere, which may lead to information disclosure. Recommendations Upda...
Security Update for Microsoft Visual Studio Code (June 2026)
The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.123.2. It is, therefore, affected by multiple vulnerabilities: - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. CVE-2026-47281 -...
CVE-2026-24618
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...
EUVD-2026-36570
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...
PT-2026-48976
Name of the Vulnerable Software and Affected Versions Hash Elements versions prior to 1.5.5 Description An issue in HashThemes Hash Elements allows the retrieval of embedded sensitive system information to an unauthorized control sphere. Recommendations Update to version 1.5.5 or later...
CVE-2026-47292
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally...
CVE-2026-9752 GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation
An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...