|
651
|
6.9 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-13083
|
2026-06-27 13:17 |
2026-06-26 |
|
|
|
|
652
|
- |
|
-
|
-
|
Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the…
|
CWE-73
External Control of File Name or Path
|
CVE-2025-71333
|
2026-06-27 13:17 |
2026-06-26 |
|
|
|
|
653
|
- |
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Mali…
|
CWE-405 CWE-770
Asymmetric Resource Consumption (Amplification); Allocation of Resources Without Limits or Throttling
|
CVE-2025-32394
|
2026-06-27 13:17 |
2026-06-27 |
|
|
|
|
654
|
5.4 |
MEDIUM
Network
|
getgrav
|
grav
|
Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious s…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37256
|
2026-06-27 13:17 |
2026-06-26 |
|
|
|
|
655
|
- |
|
-
|
-
|
A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An…
|
CWE-78
OS Command
|
CVE-2026-11834
|
2026-06-27 07:16 |
2026-06-23 |
|
|
|
|
656
|
7.5 |
HIGH
Network
|
imagemagick
|
imagemagick
|
ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by proces…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-56368
|
2026-06-27 06:51 |
2026-06-24 |
|
|
|
|
657
|
7.8 |
HIGH
Local
|
imagemagick
|
imagemagick
|
ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger acc…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-56370
|
2026-06-27 06:50 |
2026-06-24 |
|
|
|
|
658
|
7.5 |
HIGH
Network
|
angularjs
|
angularjs
|
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service (DoS) vu…
|
CWE-400 CWE-1333
Uncontrolled Resource Consumption; Inefficient Regular Expression Complexity
|
CVE-2026-54268
|
2026-06-27 06:36 |
2026-06-23 |
|
|
|
|
659
|
9.8 |
CRITICAL
Network
|
langflow
|
langflow
|
IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Stream…
|
CWE-287 NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-7664
|
2026-06-27 06:29 |
2026-06-23 |
|
|
|
|
660
|
6.1 |
MEDIUM
Network
|
ibm
|
datacap datacap_navigator
|
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary J…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8059
|
2026-06-27 06:27 |
2026-06-23 |
|
|
|