Lucene search
K

364869 matches found

NVD
NVD
added 2026/06/08 5:16 p.m.12 views

CVE-2026-46280

In the Linux kernel, the following vulnerability has been resolved: lib: testhmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmmtest fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special...

7.8CVSS0.00126EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 5:16 p.m.13 views

CVE-2026-45581

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

5.5CVSS0.00106EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 5:16 p.m.10 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS0.00313EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 5:16 p.m.11 views

CVE-2026-39910

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8CVSS0.00302EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 5:16 p.m.14 views

CVE-2026-41448

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS0.00542EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 5:16 p.m.12 views

CVE-2026-39908

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...

7.1CVSS0.00314EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 5:16 p.m.11 views

CVE-2026-25555

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied...

9.8CVSS0.01509EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 5:16 p.m.11 views

CVE-2026-25559

OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can...

8.8CVSS0.00566EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 5:16 p.m.25 views

CVE-2026-25855

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8CVSS0.0057EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 5:16 p.m.14 views

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS0.00473EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 5:16 p.m.17 views

CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

6.5CVSS0.00244EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 5:16 p.m.13 views

CVE-2026-11531

A security flaw has been discovered in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/adminlogin.php of the component Administrator Login Endpoint. Performing a manipulation of the argument ausr/apwd results in s...

7.5CVSS0.00328EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 5:16 p.m.12 views

CVE-2026-11533

A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...

5.5CVSS0.0023EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 5:16 p.m.11 views

CVE-2026-11534

A vulnerability was detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch...

5.1CVSS0.00199EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 5:16 p.m.17 views

CVE-2026-11530

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

7.5CVSS0.00328EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 5:16 p.m.10 views

CVE-2026-11532

A weakness has been identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be perform...

6.5CVSS0.0027EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-49756

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encodeformpart/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename, an...

2.1CVSS0.00178EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-49975

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

7.5CVSS0.11471EPSS
Exploits8References18
NVD
NVD
added 2026/06/08 4:16 p.m.20 views

CVE-2026-46657

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS0.00271EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-48913

Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67...

7.3CVSS0.00479EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-49755

Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...

8.2CVSS0.00438EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-48488

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 SHAttered. Version 4.1.4 fixes the issue...

6.9CVSS0.00182EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.14 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.18 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.19 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00342EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.19 views

CVE-2026-46656

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS0.00294EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-46440

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

9.1CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-46443

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is...

7CVSS0.00271EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-46476

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-46441

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

9.6CVSS0.00274EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

9.9CVSS0.0082EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.8CVSS0.00327EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.23 views

CVE-2026-46475

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.14 views

CVE-2026-43951

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

6.5CVSS0.00525EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.12 views

CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS0.00598EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.5CVSS0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS0.00486EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-44186

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS0.00562EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.11 views

CVE-2026-46274

In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in iowqremovepending iowqremovepending needs to fix up wq-hashtail if the cancelled work was the tail of its hash bucket. When doing this, it checks whether the preceding entry in...

7.8CVSS0.00138EPSS
Exploits0References5
NVD
NVD
added 2026/06/08 4:16 p.m.18 views

CVE-2026-46275

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free UAF and Null Pointer Dereference NPD conditions were observed in the lifecycle management of hciuart. The primary...

7.8CVSS0.00185EPSS
Exploits1References8
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-42861

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

9.6CVSS0.00254EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-42862

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS0.00195EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-42535

A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

9.1CVSS0.00538EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-42536

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS0.0071EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

8.1CVSS0.00268EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.11 views

CVE-2026-34194

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled acro...

7.1CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 4:16 p.m.12 views

CVE-2026-36786

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS0.00415EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 4:16 p.m.12 views

CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS0.00504EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.17 views

CVE-2026-34355

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

7.5CVSS0.00805EPSS
Exploits0References6
Total number of security vulnerabilities364869