| 1391 | 7.1 | HIGH | Network | flowiseai | flowise | Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-56275 | 2026-06-26 03:39 | 2026-06-23 |
| 1392 | 9.9 | CRITICAL | Network | flowiseai | flowise | Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrict… | CWE-78 OS Command | CVE-2026-56274 | 2026-06-26 03:39 | 2026-06-23 |
| 1393 | 6.1 | MEDIUM | Network | kidocode | crawl4ai | Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a… | CWE-79 Cross-site Scripting | CVE-2026-56263 | 2026-06-26 03:39 | 2026-06-23 |
| 1394 | 8.1 | HIGH | Network | kidocode | crawl4ai | Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlin… | CWE-22 Path Traversal | CVE-2026-56258 | 2026-06-26 03:38 | 2026-06-23 |
| 1395 | 8.3 | HIGH | Network | flowiseai | flowise | Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier a… | CWE-620 Unverified Password Change | CVE-2025-71337 | 2026-06-26 03:38 | 2026-06-23 |
| 1396 | 6.5 | MEDIUM | Network | silabs | emberznet | In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the netw… | CWE-369 Divide By Zero | CVE-2026-47152 | 2026-06-26 03:38 | 2026-06-25 |
| 1397 | 6.5 | MEDIUM | Network | silabs | emberznet | In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the netw… | CWE-369 Divide By Zero | CVE-2026-47153 | 2026-06-26 03:37 | 2026-06-25 |
| 1398 | 6.5 | MEDIUM | Network | silabs | emberznet | In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a dev… | CWE-125 Out-of-bounds Read | CVE-2026-47154 | 2026-06-26 03:35 | 2026-06-25 |
| 1399 | 6.5 | MEDIUM | Network | silabs | emberznet | In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has al… | CWE-125 Out-of-bounds Read | CVE-2026-4526 | 2026-06-26 03:32 | 2026-06-25 |
| 1400 | 6.1 | MEDIUM | Local | openbsd redhat | openssh enterprise_linux | A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket na… | CWE-923 Improper Restriction of Communication Channel to Intended Endpoints | CVE-2026-55655 | 2026-06-26 03:16 | 2026-06-23 |