|
911
|
8.2 |
HIGH
Network
|
imagemagick
|
imagemagick
|
ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-56378
|
2026-06-26 22:41 |
2026-06-21 |
|
912
|
7.8 |
HIGH
Local
|
langflow
|
langflow
|
A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to …
New
|
CWE-74 CWE-94
Injection Code Injection
|
CVE-2026-12822
|
2026-06-26 22:35 |
2026-06-22 |
|
913
|
7.5 |
HIGH
Network
|
nokogiri
|
nokogiri
|
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacin…
New
|
CWE-416 CWE-825
Use After Free Expired Pointer Dereference
|
CVE-2026-57435
|
2026-06-26 22:32 |
2026-06-26 |
|
914
|
7.5 |
HIGH
Network
|
nokogiri
|
nokogiri
|
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-57434
|
2026-06-26 22:32 |
2026-06-26 |
|
915
|
8.2 |
HIGH
Network
|
nokogiri
|
nokogiri
|
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a n…
New
|
CWE-416
Use After Free
|
CVE-2026-57236
|
2026-06-26 22:32 |
2026-06-26 |
|
916
|
8.2 |
HIGH
Network
|
nokogiri
|
nokogiri
|
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's…
New
|
CWE-125 CWE-190
Out-of-bounds Read Integer Overflow or Wraparound
|
CVE-2026-57235
|
2026-06-26 22:32 |
2026-06-26 |
|
917
|
8.1 |
HIGH
Network
|
apache
|
doris_mcp_server
|
Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without p…
New
|
CWE-89
SQL Injection
|
CVE-2025-66336
|
2026-06-26 22:28 |
2026-06-22 |
|
918
|
9.8 |
CRITICAL
Network
|
jetbrains
|
hub
|
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was p…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-50242
|
2026-06-26 22:20 |
2026-06-19 |
|
919
|
8.8 |
HIGH
Network
|
jetbrains
|
goland
|
In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration
New
|
CWE-73
External Control of File Name or Path
|
CVE-2026-53915
|
2026-06-26 22:19 |
2026-06-19 |
|
920
|
8.1 |
HIGH
Network
|
-
|
-
|
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, …
New
|
CWE-836
Use of Password Hash Instead of Password for Authentication
|
CVE-2026-9222
|
2026-06-26 22:16 |
2026-06-26 |
|