| 401 | - | | - | - | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authen… | New | CWE-94 Code Injection | CVE-2026-46442 | 2026-06-10 01:16 | 2026-06-9 |
| 402 | - | | - | - | HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of `<iframe>` el… | New | CWE-79 Cross-site Scripting | CVE-2026-46396 | 2026-06-10 01:16 | 2026-06-6 |
| 403 | - | | - | - | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenti… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-46390 | 2026-06-10 01:16 | 2026-06-6 |
| 404 | 6.5 | MEDIUM Network | - | - | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site crea… | New | CWE-20 Improper Input Validation | CVE-2026-46357 | 2026-06-10 01:16 | 2026-06-6 |
| 405 | 9.0 | CRITICAL Network | termix | termix | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Brok… | Update | CWE-284 Improper Access Control; CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-45746 | 2026-06-10 01:16 | 2026-06-6 |
| 406 | 7.5 | HIGH Network | - | - | An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to cause a Denial of Service (DoS) via a crafted input. | Update | CWE-20 Improper Input Validation | CVE-2026-36501 | 2026-06-10 01:16 | 2026-06-6 |
| 407 | 6.5 | MEDIUM Network | - | - | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access rest… | New | CWE-200 Information Exposure | CVE-2026-34905 | 2026-06-10 01:16 | 2026-06-9 |
| 408 | 6.5 | MEDIUM Network | - | - | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, a… | New | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-34031 | 2026-06-10 01:16 | 2026-06-9 |
| 409 | 6.5 | MEDIUM Network | - | - | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation durin… | New | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-33582 | 2026-06-10 01:16 | 2026-06-9 |
| 410 | 6.1 | MEDIUM Network | - | - | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization … | New | CWE-359 Exposure of Private Personal Information to an Unauthorized Actor | CVE-2026-25699 | 2026-06-10 01:16 | 2026-06-9 |