|
811
|
4.3 |
MEDIUM
Network
|
microsoft
|
bing
|
User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-45650
|
2026-06-15 23:09 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
812
|
5.7 |
MEDIUM
Network
|
splunk
|
splunk
splunk_cloud_platform
|
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that…
|
CWE-20
Improper Input Validation
|
CVE-2026-20257
|
2026-06-15 23:05 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
813
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeo…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46476
|
2026-06-15 23:04 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
814
|
5.4 |
MEDIUM
Network
|
splunk
|
splunk
splunk_cloud_platform
|
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that…
|
CWE-79
Cross-site Scripting
|
CVE-2026-20258
|
2026-06-15 23:03 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
815
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. Thi…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46477
|
2026-06-15 23:02 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
816
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46478
|
2026-06-15 22:58 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
817
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeove…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46479
|
2026-06-15 22:56 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
818
|
7.8 |
HIGH
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pyth…
|
CWE-94
CWE-95
CWE-829
Code Injection
Eval Injection
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-52858
|
2026-06-15 22:32 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
819
|
5.3 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on V…
|
CWE-94
CWE-95
Code Injection
Eval Injection
|
CVE-2026-47167
|
2026-06-15 22:32 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
820
|
7.8 |
HIGH
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as p…
|
CWE-94
Code Injection
|
CVE-2026-52860
|
2026-06-15 22:24 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
