Lucene search

1269 matches found

VulnCheck KEV
added 2026/02/14 12:0 a.m. | 9 views

VulnCheck KEV: CVE-2026-0770

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...

CVSS 9.8 | AI score 6.3 | EPSS 0.10371
In wild | Exploits 8 | References 3

RedhatCVE
added 2026/02/12 4:49 p.m. | 3 views

CVE-2025-69873

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of...

CVSS 7.5 | AI score 5.5 | EPSS 0.00407
Exploits 1 | References 4

Snyk
added 2026/02/12 3:29 p.m. | 5 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview: Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended script execution by crafting a request path containing specific multi-byte Unicode characters, which manipulates the...

CVSS 9.8 | AI score 6 | EPSS 0.0058
Exploits 1 | References 2

Veracode
added 2026/02/11 10:14 a.m. | 5 views

Path Traversal

Signal K Server is vulnerable to a path traversal. The vulnerability is due to the validateAppId function blocking forward slashes (/) but not backslashes (\), which are treated as directory separators on Windows, allowing an authenticated attacker to escape the intended applicationData directory and...

CVSS 5 | AI score 5.7 | EPSS 0.00384
Exploits 1 | References 3 | Affected Software 1

Snyk
added 2026/02/10 12:30 p.m. | 3 views

Missing Authentication

Overview: org.apache.druid.extensions:druid-basic-security is a basic security package for Apache Druid. Affected versions of this package are vulnerable to Missing Authentication in validateCredentials for LDAP, which does not check passwords for anonymous bind requests. An attacker in possession...

CVSS 9.8 | AI score 5.6 | EPSS 0.01034
Exploits 0 | References 2

RedHat Linux
added 2026/02/10 2:6 a.m. | 6 views

kernel: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b "nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length" added ttag bounds checking and data_offset validation in...

CVSS 7.5 | AI score 5.7 | EPSS 0.0071
Exploits 0 | References 5

OSV
added 2026/02/09 8:36 p.m. | 9 views

GHSA-7JX7-3846-M7W7 Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior

Relationship to Previously Patched Vulnerability This vulnerability is in addition to the RCE vulnerability patched in GHSA-255j-qw47-wjh5. That advisory addressed a similar RCE vulnerability that affected two specific routes: - /index.php?p=admin%2Factions%2Ffields%2Fapply-layout-element-setting...

CVSS 8.6 | AI score 6.3 | EPSS 0.0097
Exploits 1 | References 6

Tenable Nessus
added 2026/02/09 12:0 a.m. | 15 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50100)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50100 advisory. - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Eric Biggers Orabug: 38879907 CVE-2025-40022 - crypto: af_alg - Disallow concurrent writ...

CVSS 3.3 | AI score 7.5 | EPSS 0.00544
Exploits 2 | References 31

GithubExploit
added 2026/02/07 11:31 p.m. | 210 views

Exploit for CVE-2026-0770

CVE-2026-0770 - Langflow Remote Code Execution Summary La...

CVSS 9.8 | AI score 8.7 | EPSS 0.35508
Exploits 8

RedhatCVE
added 2026/02/04 3:15 a.m. | 8 views

CVE-2025-70758

chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via headerLocation:login.php when a user is not authenticated but fails to call exit afterward. This allows remote...

CVSS 7.5 | AI score 5.5 | EPSS 0.00624
Exploits 0 | References 1

Vulnrichment
added 2026/02/03 6:36 p.m. | 3 views

CVE-2026-25503 iccDEV Has Type Confusion in CIccTagEmbeddedHeightImage::Validate()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causin...

CVSS 7.1 | AI score 5.3 | EPSS 0.00253
Exploits 1 | References 4

CVE
added 2026/02/03 6:36 p.m. | 17 views

CVE-2026-25503

CVE-2026-25503 involves iccDEV libraries that handle ICC color management profiles. Prior to version 2.3.1.2, a type confusion in CIccTagEmbeddedHeightImage::Validate() could cause malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values, resulting in a...

CVSS 7.1 | AI score 5.3 | EPSS 0.00253
Exploits 1 | References 4 | Affected Software 1

ATTACKERKB
added 2026/02/03 12:0 a.m. | 4 views

CVE-2025-70758

chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via headerLocation:login.php when a user is not authenticated but fails to call exit afterward. This allows remote...

AI score 5.5 | EPSS 0.00624
Exploits 0 | References 3

Snyk
added 2026/02/02 10:26 p.m. | 2 views

Directory Traversal

Overview: signalk-server is an implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the validateAppId function. An attacker can access arbitrary files and directories outside the intended directory by...

CVSS 5.4 | AI score 6.5 | EPSS 0.00384
Exploits 1 | References 2

NVD
added 2026/01/28 12:15 p.m. | 3 views

CVE-2025-14386

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions in versions 2.4.4 to 2.5.12. This makes it...

CVSS 8.8 | EPSS 0.00372
Exploits 0 | References 4

Cvelist
added 2026/01/28 11:23 a.m. | 30 views

CVE-2025-14386 Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization 2.4.4 - 2.5.12 - Missing Authorization to Authenticated (Subscriber+) Authentication Bypass via Account Takeover

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions in versions 2.4.4 to 2.5.12. This makes it...

CVSS 8.8 | EPSS 0.00372
Exploits 0 | References 4

CVE
added 2026/01/28 11:23 a.m. | 18 views

CVE-2025-14386

The CVE-2025-14386 entry concerns the WordPress plugin “Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization” (versions 2.4.4–2.5.12). Connected sources confirm a missing capability check in generate_sso_url and validate_sso_token, enabling authentication...

CVSS 8.8 | AI score 5.9 | EPSS 0.00372
Exploits 0 | References 4

Broadcom
added 2026/01/27 12:0 a.m. | 14 views

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...

CVSS 7.5 | AI score 7 | EPSS 0.04387
Exploits 0

RedHat Linux
added 2026/01/26 4:39 p.m. | 5 views

kernel: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE This data originates from userspace and is used in buffer offset calculations which could potentially overflow causing an out-of-bounds access...

AI score 5.9 | EPSS 0.00335
Exploits 0 | References 5

Vulnrichment
added 2026/01/26 1:32 a.m. | 3 views

CVE-2026-1413 Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

CVSS 6.5 | AI score 5.6 | EPSS 0.02548
Exploits 0 | References 4