| 381 | 7.8 | HIGH, Local | mmaitre314 | picklescan | picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection… | New | CWE-502 Deserialization of Untrusted Data | CVE-2025-71378 | 2026-06-26 23:12 | 2026-06-21 |
| 382 | 9.8 | CRITICAL, Network | kidocode | crawl4ai | Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentic… | New | CWE-798 Use of Hard-coded Credentials | CVE-2026-56265 | 2026-06-26 22:52 | 2026-06-21 |
| 383 | 9.1 | CRITICAL, Network | imagemagick | imagemagick | ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on … | New | CWE-125 Out-of-bounds Read | CVE-2026-56367 | 2026-06-26 22:50 | 2026-06-21 |
| 384 | 8.2 | HIGH, Network | imagemagick | imagemagick | ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during… | New | CWE-125 Out-of-bounds Read | CVE-2026-56378 | 2026-06-26 22:41 | 2026-06-21 |
| 385 | 7.8 | HIGH, Local | langflow | langflow | A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to … | New | CWE-74 Injection; CWE-94 Code Injection | CVE-2026-12822 | 2026-06-26 22:35 | 2026-06-22 |
| 386 | 7.5 | HIGH, Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacin… | New | CWE-416 Use After Free; CWE-825 Expired Pointer Dereference | CVE-2026-57435 | 2026-06-26 22:32 | 2026-06-26 |
| 387 | 7.5 | HIGH, Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper … | New | CWE-476 NULL Pointer Dereference | CVE-2026-57434 | 2026-06-26 22:32 | 2026-06-26 |
| 388 | 8.2 | HIGH, Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a n… | New | CWE-416 Use After Free | CVE-2026-57236 | 2026-06-26 22:32 | 2026-06-26 |
| 389 | 8.2 | HIGH, Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's… | New | CWE-125 Out-of-bounds Read; CWE-190 Integer Overflow or Wraparound | CVE-2026-57235 | 2026-06-26 22:32 | 2026-06-26 |
| 390 | 8.1 | HIGH, Network | apache | doris_mcp_server | Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without p… | New | CWE-89 SQL Injection | CVE-2025-66336 | 2026-06-26 22:28 | 2026-06-22 |