163701 matches found
CVE-2026-3341 IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services
IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2026-53777 Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket
Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...
CVE-2026-4096 A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests.
IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
CVE-2026-7870 IBM i is Affected by Privilege Escalation []
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...
CVE-2026-11839 Arbitrary File Upload in Basarsoft's Rotaban
Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...
CVE-2026-9648 CVE-2026-9648
The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to...
CVE-2026-10847 Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS
A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitatio...
CVE-2026-6338 HTTP request smuggling in Kong Enteprise Gateway
A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...
CVE-2026-8406 openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...
CVE-2026-11816 Path Traversal in keras-team/keras
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...
CVE-2026-53661 boruta-server sent sensitive session cookies without the Secure attribute
Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta session cookies and the identity “remember me” cookie were set without the Secure attribute. In deployments where users could...
CVE-2026-53723 guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator
Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing...
CVE-2026-49214 guzzlehttp/psr7 has CRLF Injection via URI Host Component
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to...
CVE-2026-48998 guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...
CVE-2026-11561 SSTI in Soagen Informatics' Apinizer
Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...
CVE-2026-7852 Unrestricted File Upload in Limatek's LimRAD NAC
Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9...
CVE-2026-11956 TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute
A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...
CVE-2023-32959 WordPress MetroStore theme <= 1.3.2 - Broken Access Control
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...
CVE-2023-25969 WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...
CVE-2026-53423 Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin
Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membranemp4plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.toatom/1 without validation...
CVE-2022-47150 WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...
CVE-2022-45813 WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...
CVE-2026-8464 Path traversal in Neuron Soft Golem OEE MES
Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths. This issue has been fixed in version 11.6.0...
CVE-2026-1500 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to cause denial of service due to uncontrolled resource consumption when processing ...
CVE-2026-3553 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks...
CVE-2026-6269 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect...
CVE-2026-6277 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with Security Manager-role permissions to manage project security configuration even whe...
CVE-2026-6552 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member's GitLab account due to improper...
CVE-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...
CVE-2026-7250 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request...
CVE-2026-8589 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper...
CVE-2026-9204 Server-Side Request Forgery (SSRF) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources...
CVE-2026-9694 Improper Neutralization of Substitution Characters in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially...
CVE-2026-10087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a...
CVE-2026-10733 Improper Restriction of Rendered UI Layers or Frames in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization...
CVE-2026-4764 Privilege Escalation in Dialogflow CX via Playbook Import
A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...
CVE-2026-53912 Cerebrate self-registration password hash exposure via inbox and audit log views
Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, a...
CVE-2022-44630 WordPress YITH WooCommerce Product Slider Carousel plugin <= 1.16.0 - Cross-Site Request Forgery (CSRF)
Cross-Site request forgery CSRF vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0...
CVE-2026-11850 Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
CVE-2022-42479 WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...
CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...
CVE-2025-7064 Freelance Security Lock – Access to Windows OS
Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024...
CVE-2026-5497 Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-project/vllm
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...
CVE-2023-40200 WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability
Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...
CVE-2024-32110 WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site request forgery CSRF vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2...
CVE-2023-33999 WordPress WP Mail Log plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2...
CVE-2026-10795 UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...
CVE-2026-41856 Spring GraphQL Annotation Detection Vulnerability
The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored...
CVE-2026-41700 Cross-Site WebSocket Hijacking in Spring for GraphQL
Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...