|
701
|
6.5 |
MEDIUM
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases). This…
New
|
CWE-22
Path Traversal
|
CVE-2026-42867
|
2026-06-27 02:09 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
702
|
9.6 |
CRITICAL
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable …
New
|
CWE-94
Code Injection
|
CVE-2026-48519
|
2026-06-27 02:07 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
703
|
6.1 |
MEDIUM
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a potential arbitrary file-read vulnera…
New
|
CWE-73
External Control of File Name or Path
|
CVE-2026-48520
|
2026-06-27 02:06 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
704
|
10.0 |
CRITICAL
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated atta…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-48020
|
2026-06-27 02:04 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
705
|
10.0 |
CRITICAL
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that allows an unauthenticated cl…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-48491
|
2026-06-27 02:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
706
|
9.8 |
CRITICAL
Network
|
wolfssl
|
wolfssl
|
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still…
New
|
CWE-416
Use After Free
|
CVE-2026-7531
|
2026-06-27 01:53 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
707
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19…
New
|
CWE-682
Incorrect Calculation
|
CVE-2026-10512
|
2026-06-27 01:53 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
708
|
6.5 |
MEDIUM
Network
|
rtklib
|
rtklib
|
RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count va…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-56789
|
2026-06-27 01:53 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
709
|
7.5 |
HIGH
Network
|
rtklib
|
rtklib
|
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via craft…
New
|
CWE-193
Off-by-one Error
|
CVE-2026-56787
|
2026-06-27 01:53 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
710
|
9.8 |
CRITICAL
Network
|
rtklib
|
rtklib
|
RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fi…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-56786
|
2026-06-27 01:52 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
