|
1711
|
9.8 |
CRITICAL
Network
|
hcltech
|
aion
|
Una posible vulnerabilidad de inyección de comandos en HCL AION. Esto puede permitir la ejecución no intencionada de comandos, lo que podría llevar a acciones no autorizadas en el sistema subyacente.…
|
CWE-78
OS Command
|
CVE-2025-52626
|
2026-04-26 02:58 |
2026-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1712
|
7.5 |
HIGH
Network
|
hcltech
|
aion
|
A vulnerability
Cacheable SSL Page Found vulnerability has been identified
in HCL AION.
Cached data may expose credentials, system identifiers, or internal file paths to attackers with access t…
|
CWE-525
Use of Web Browser Cache Containing Sensitive Information
|
CVE-2025-52625
|
2026-04-26 02:58 |
2025-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1713
|
7.5 |
HIGH
Network
|
-
|
-
|
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processe…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-4111
|
2026-04-26 02:16 |
2026-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1714
|
7.5 |
HIGH
Network
|
-
|
-
|
Se identificó una vulnerabilidad en la lógica de descompresión de archivos RAR5 de la biblioteca libarchive, específicamente dentro de la ruta de procesamiento de archive_read_data(). Cuando se proce…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-4111
|
2026-04-26 02:16 |
2026-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1715
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2026-31534
|
2026-04-25 15:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1716
|
6.5 |
MEDIUM
Network
|
-
|
-
|
MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrar…
|
CWE-74
Injection
|
CVE-2026-41319
|
2026-04-25 12:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1717
|
6.7 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-4878
|
2026-04-25 11:16 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1718
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated us…
|
CWE-284
CWE-639
CWE-915
Improper Access Control
Authorization Bypass Through User-Controlled Key
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-41277
|
2026-04-25 11:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1719
|
7.5 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the u…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-41275
|
2026-04-25 11:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1720
|
8.3 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Func…
|
CWE-284
CWE-918
Improper Access Control
Server-Side Request Forgery (SSRF)
|
CVE-2026-41270
|
2026-04-25 11:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
