Lucene search
K

364045 matches found

NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-54008

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/openwebui/utils/oauth.py::processpictureurl calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without...

8.5CVSS0.00203EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:18 p.m.7 views

CVE-2026-52845

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS0.00246EPSS
Exploits1References4
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-53662

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-49860

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially...

5.2CVSS0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.12 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.4CVSS0.00146EPSS
Exploits1References4
NVD
NVD
added 2026/06/23 6:18 p.m.8 views

CVE-2026-49983

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with --deny-env, or restrict it to a specific allowlist with --allow-env=FOO,BAR. The expectation is that a program running without env permission cannot...

5.2CVSS0.00098EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-49440

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrimecandidate, options, callback and crypto.checkPrimeSynccandidate, options ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test applied ...

7.4CVSS0.00149EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 6:18 p.m.8 views

CVE-2026-49402

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.e...

8.1CVSS0.00283EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-49406

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field...

5.5CVSS0.00135EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-49411

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could therefore pass a numeric alias of an IP address fo...

6.5CVSS0.00111EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:18 p.m.7 views

CVE-2026-49401

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...

8.4CVSS0.00144EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:18 p.m.8 views

CVE-2026-49859

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name...

5.2CVSS0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:17 p.m.5 views

CVE-2026-45692

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different...

5.4CVSS0.00144EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:17 p.m.16 views

CVE-2026-45135

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct fla...

8.1CVSS0.00399EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:17 p.m.7 views

CVE-2026-44726

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt...

9.1CVSS0.00142EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:17 p.m.7 views

CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS0.00128EPSS
Exploits0References7
NVD
NVD
added 2026/06/23 6:17 p.m.6 views

CVE-2025-71382

MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...

7.1CVSS0.00316EPSS
Exploits1References4
NVD
NVD
added 2026/06/23 6:17 p.m.7 views

CVE-2025-61024

An issue in the sqlotryinloop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:17 p.m.8 views

CVE-2025-61029

An issue in the sqlountry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:17 p.m.7 views

CVE-2020-9713

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose...

5.5CVSS0.00185EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:17 p.m.5 views

CVE-2020-9711

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation o...

5.5CVSS0.00185EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:17 p.m.7 views

CVE-2020-9695

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...

7.8CVSS0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-56117

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

5.7CVSS0.00093EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:17 p.m.9 views

CVE-2026-56114

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

6.5CVSS0.00175EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:17 p.m.10 views

CVE-2026-56115

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS0.00307EPSS
Exploits1References2
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-56968

GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...

5.3CVSS0.00241EPSS
Exploits1References4
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-56113

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

6.5CVSS0.00175EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-56116

dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...

7.1CVSS0.00187EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:17 p.m.10 views

CVE-2026-55423

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...

6.1CVSS0.00152EPSS
Exploits1References3
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-55446

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an...

7.5CVSS0.00321EPSS
Exploits1References2
NVD
NVD
added 2026/06/23 5:17 p.m.11 views

CVE-2026-55450

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...

9.3CVSS0.00332EPSS
Exploits1References2
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-55447

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

9.6CVSS0.00411EPSS
Exploits1References2
NVD
NVD
added 2026/06/23 5:17 p.m.9 views

CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

8.4CVSS0.00233EPSS
Exploits2References5
NVD
NVD
added 2026/06/23 5:17 p.m.10 views

CVE-2026-54308

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to...

7.2CVSS0.00276EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-54307

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to...

9.6CVSS0.00315EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.12 views

CVE-2026-54301

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central...

7CVSS0.00216EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.9 views

CVE-2026-54306

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as norma...

6.4CVSS0.00259EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.10 views

CVE-2026-54305

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

9.9CVSS0.00343EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-54302

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.6 views

CVE-2026-54304

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...

7.7CVSS0.00353EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

9.6CVSS0.00555EPSS
Exploits1References4
NVD
NVD
added 2026/06/23 5:17 p.m.5 views

CVE-2026-50574

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

9.6CVSS0.00406EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.6 views

CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

7.4CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-49465

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...

7.7CVSS0.00495EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.6 views

CVE-2026-48519

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessi...

9.6CVSS0.00688EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-48520

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" or "Public Flows" in code contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of...

6.1CVSS0.00249EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:17 p.m.9 views

CVE-2026-49444

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerabili...

8.5CVSS0.00356EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-44958

An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit permissions. The status...

5.4CVSS0.00274EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-44959

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery...

8.8CVSS0.0045EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-44960

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...

0.00339EPSS
Exploits0References1
Total number of security vulnerabilities364045