1121 matches found
Langflow < 1.9.0 - Remote Code Execution
Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution RCE via the buildpublictmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing. id: CVE-2026-33017 info: name:...
CVE-2026-59796
CVE-2026-59796 affects JetBrains TeamCity prior to 2026.1.2. The issue arises from improper permission checks that could allow pipeline modification. Documented impact is pipeline modification with high impact on confidentiality and integrity (per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). N...
GHSA-FF52-PH69-CF7X vulnerabilities
Vulnerabilities for packages: local-static-provisioner, skaffold, minio-object-browser, doppler-kubernetes-operator, stakater-reloader, aws-flb-firehose, kserve, mcp-grafana, nri-consul, git-lfs, kubernetes-csi-external-resizer, mods, kubewatch, azuredisk-csi, caddy, grype, syft,...
CVE-2026-26307
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...
Mozilla Thunderbird < 140.12.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.12.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-64 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content,...
CVE-2025-71341 picklescan - Remote Code Execution via Undetected profile.Profile.runctx
picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...
Linux Distros Unpatched Vulnerability : CVE-2026-49460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...
Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
Automated Logic WebCTRL Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
CVE-2026-39559
Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...
CVE-2026-27410
Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...
CVE-2026-41280
CVE-2026-41280 affects Apache DolphinScheduler prior to 3.4.2. The issue is an Incorrect Authorization vulnerability where users with system login privileges can delete task definitions in unauthorized projects due to insufficient access controls. The documented impact is deletion of task definit...
CVE-2026-39446
The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...
CVE-2025-69105
Technical details (affected versions beyond Modernee
NPM: hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice
NPM: hono: AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...
CVE-2026-48723
BrowserStack Cypress CLI prior to 1.36.4 is vulnerable to OS command injection via the cypress_config_file parameter in readCypressConfigUtil.js (loadJsFile()), which builds a shell command by interpolating cypress_config_filepath into a template literal and runs it with child_process.execSync()....
CVE-2026-42013 affecting package gnutls for versions less than 3.8.13-1
CVE-2026-42013 affecting package gnutls for versions less than 3.8.13-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-11822 affecting package sqlite for versions less than 3.44.0-4
CVE-2026-11822 affecting package sqlite for versions less than 3.44.0-4. A patched version of the package is available...
CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4
CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4. A patched version of the package is available...
CVE-2026-5222 affecting package rust for versions less than 1.75.0-30
CVE-2026-5222 affecting package rust for versions less than 1.75.0-30. A patched version of the package is available...