|
1021
|
8.8 |
HIGH
Network
|
quest
|
netvault_backup
|
Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault…
New
|
CWE-89
SQL Injection
|
CVE-2026-9781
|
2026-06-26 11:04 |
2026-06-25 |
|
1022
|
8.8 |
HIGH
Network
|
quest
|
netvault_backup
|
Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVa…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9780
|
2026-06-26 11:04 |
2026-06-25 |
|
1023
|
8.8 |
HIGH
Network
|
quest
|
netvault_backup
|
Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault…
New
|
CWE-89
SQL Injection
|
CVE-2026-7570
|
2026-06-26 11:03 |
2026-06-25 |
|
1024
|
4.3 |
MEDIUM
Network
|
jenkins
|
contrast_continuous_application_security
|
Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metada…
New
|
CWE-862
Missing Authorization
|
CVE-2026-57299
|
2026-06-26 11:03 |
2026-06-24 |
|
1025
|
4.3 |
MEDIUM
Network
|
jenkins
|
contrast_continuous_application_security
|
A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an a…
New
|
CWE-862
Missing Authorization
|
CVE-2026-57297
|
2026-06-26 11:02 |
2026-06-24 |
|
1026
|
5.4 |
MEDIUM
Network
|
n8n
|
n8n
|
n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the Form Trigger node's CSS sanitization that allows a…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-56358
|
2026-06-26 11:02 |
2026-06-24 |
|
1027
|
9.6 |
CRITICAL
Network
|
n8n
|
n8n
|
n8n before version 2.4.0 contains a SQL injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier valu…
New
|
CWE-89
SQL Injection
|
CVE-2026-56351
|
2026-06-26 11:01 |
2026-06-24 |
|
1028
|
4.1 |
MEDIUM
Local
|
flowiseai
|
flowise
|
Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately …
New
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2026-56272
|
2026-06-26 11:01 |
2026-06-24 |
|
1029
|
7.5 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's …
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-56270
|
2026-06-26 11:01 |
2026-06-24 |
|
1030
|
4.6 |
MEDIUM
Local
|
flowiseai
|
flowise
|
Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded default value 'Secre$t' for the TOKEN_HASH_SECRET environment variable in packages/server/src/enterprise/…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-56269
|
2026-06-26 11:01 |
2026-06-24 |