Lucene search
K
RedhatcveRecent

206525 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•12 views

CVE-2026-6626

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.5CVSS6.1AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•9 views

CVE-2026-6584

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function updateuser of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument userid results in authorization bypass. The attack may be...

5.5CVSS5.4AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•12 views

CVE-2026-6489

A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The...

6.5CVSS6AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•7 views

CVE-2026-6616

A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...

6.5CVSS6.1AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•11 views

CVE-2026-6333

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost...

5CVSS5.5AI score0.00137EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•13 views

CVE-2026-6923

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

3.8CVSS5.4AI score0.00117EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•11 views

CVE-2026-6617

A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function getapitoolproviderremoteschema of the file api/services/tools/apitoolsmanageservice.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•8 views

CVE-2026-6638

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

8.8CVSS6AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•10 views

CVE-2026-6162

A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...

5.1CVSS3.7AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•14 views

CVE-2026-6589

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function createoriginonlymiddleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The...

5.3CVSS4.9AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•13 views

CVE-2026-6006

A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edithpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•12 views

CVE-2026-6600

A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...

5.1CVSS3.7AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•10 views

CVE-2026-6499

Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5...

2.4CVSS5.4AI score0.00096EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•11 views

CVE-2026-6598

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS4.9AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•11 views

CVE-2026-6590

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...

5.3CVSS5.1AI score0.00365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•10 views

CVE-2026-6334

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermo...

3.8CVSS5.5AI score0.00118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•11 views

CVE-2026-6033

A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been public...

6.5CVSS6.4AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•7 views

CVE-2026-6495

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.4AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•10 views

CVE-2026-6486

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...

5.1CVSS3.9AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•9 views

CVE-2026-6743

A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading the affected...

5.1CVSS3.6AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•12 views

CVE-2026-6356

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information...

9.6CVSS5.5AI score0.00287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•10 views

CVE-2026-6648

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The...

5.1CVSS3.9AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•9 views

CVE-2026-6633

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifangbackendaccount/logic/admin/Lrbacadmin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...

5.1CVSS3.9AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•11 views

CVE-2026-6585

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function updateorganisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisationid causes authorization...

5.5CVSS5.5AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•13 views

CVE-2026-6057

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution...

9.8CVSS6AI score0.00927EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•9 views

CVE-2026-6624

A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has bee...

4.8CVSS3.5AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•12 views

CVE-2026-6651

A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS3.6AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•13 views

CVE-2026-6433

The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...

7.3CVSS6.2AI score0.00753EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•14 views

CVE-2026-6220

A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handler. Such manipulation of the argument streamIp leads to server-side request forgery. It is possibl...

5.8CVSS5.2AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•12 views

CVE-2026-6622

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

4.8CVSS3.6AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:47 p.m.•12 views

CVE-2026-6202

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-6578

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...

6.3CVSS5.4AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-6620

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has...

6.5CVSS6.1AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•13 views

CVE-2026-6035

A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipulation of the argument BRANCHID leads to cross site scripting. Remote exploitation of the attack i...

5.3CVSS3.8AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-6143

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can ...

6.5CVSS6.1AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•13 views

CVE-2026-6011

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...

8.1CVSS5.2AI score0.0042EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-6215

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...

6.5CVSS6.1AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-6613

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...

6.5CVSS6.2AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•11 views

CVE-2026-6190

A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has been made public and...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•16 views

CVE-2026-6000

A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database Backup File Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The...

5.3CVSS5.2AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-6583

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function deleteapikey/editapikey of the file superagi/controllers/apikey.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carri...

5.5CVSS5.3AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-6592

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...

5.1CVSS3.6AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-6619

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...

5.1CVSS3.7AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•8 views

CVE-2026-6381

The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks...

7.5CVSS5.4AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•11 views

CVE-2026-6628

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•11 views

CVE-2026-33447

CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service...

9.8CVSS5.9AI score0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-6268

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpresscustomizernotifydismissaction AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-in...

7.1CVSS5.5AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-33858

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

8.8CVSS5.9AI score0.00592EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•11 views

CVE-2026-6611

A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRETKEY results in use of hard-coded cryptographic key . Remote exploitation o...

3.1CVSS4.5AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-33212

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...

3.1CVSS5.5AI score0.00221EPSS
Exploits0References1
Total number of security vulnerabilities206525