| 171 | 5.3 | MEDIUM Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XP… | New | CWE-416 Use After Free | CVE-2026-57437 | 2026-06-27 01:47 | 2026-06-26 |
| 172 | 5.3 | MEDIUM Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing … | New | CWE-416 Use After Free | CVE-2026-57436 | 2026-06-27 01:47 | 2026-06-26 |
| 173 | 3.8 | LOW Network | mattermost | mattermost_server | Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts vi… | New | CWE-863 Incorrect Authorization | CVE-2026-8823 | 2026-06-27 01:39 | 2026-06-23 |
| 174 | 10.0 | CRITICAL Network | traefik | traefik | Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that allows unauthenticated clients to byp… | New | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2026-53622 | 2026-06-27 01:39 | 2026-06-24 |
| 175 | 7.1 | HIGH Network | traefik | traefik | Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces al… | New | CWE-284 Improper Access Control, CWE-863 Incorrect Authorization | CVE-2026-54761 | 2026-06-27 01:37 | 2026-06-24 |
| 176 | 8.6 | HIGH Network | traefik | traefik | Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to… | New | CWE-636 Not Failing Securely ('Failing Open'), CWE-693 Protection Mechanism Failure | CVE-2026-54762 | 2026-06-27 01:37 | 2026-06-24 |
| 177 | 7.5 | HIGH Network | - | - | Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this… | New | CWE-494 Download of Code Without Integrity Check | CVE-2021-47986 | 2026-06-27 01:19 | 2026-06-26 |
| 178 | 7.5 | HIGH Network | - | - | Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is no… | New | CWE-73 External Control of File Name or Path | CVE-2025-71324 | 2026-06-27 01:19 | 2026-06-26 |
| 179 | 9.1 | CRITICAL Network | - | - | Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploi… | New | CWE-306 Missing Authentication for Critical Function | CVE-2025-71327 | 2026-06-27 01:19 | 2026-06-26 |
| 180 | 8.3 | HIGH Network | - | - | Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings (Security) section without supplying t… | New | CWE-620 Unverified Password Change | CVE-2025-71328 | 2026-06-27 01:19 | 2026-06-26 |