|
431
|
8.3 |
HIGH
Network
|
-
|
-
|
agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values t…
Update
|
CWE-89
SQL Injection
|
CVE-2026-10105
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
432
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. The attack may be la…
Update
|
CWE-400
CWE-404
Uncontrolled Resource Consumption
Improper Resource Shutdown or Release
|
CVE-2026-10069
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
433
|
9.9 |
CRITICAL
Network
|
-
|
-
|
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated u…
Update
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-45312
|
2026-06-2 11:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
434
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create se…
Update
|
CWE-269
CWE-284
Improper Privilege Management
Improper Access Control
|
CVE-2026-45043
|
2026-06-2 11:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
435
|
8.8 |
HIGH
Network
|
tauri
|
tauri
|
Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42184
|
2026-06-2 09:52 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
436
|
8.8 |
HIGH
Network
|
dalibo
|
anonymizer
|
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an…
Update
|
CWE-89
SQL Injection
|
CVE-2026-9617
|
2026-06-2 09:40 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
437
|
6.8 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across…
Update
|
CWE-384
Session Fixation
|
CVE-2026-48545
|
2026-06-2 09:34 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
438
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60495
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
439
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file.
New
|
CWE-416
Use After Free
|
CVE-2025-60486
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
440
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a cr…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60485
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
