|
1721
|
7.5 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorizat…
|
CWE-200
CWE-522
CWE-862
Information Exposure
Insufficiently Protected Credentials
Missing Authorization
|
CVE-2026-41266
|
2026-04-25 11:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1722
|
5.9 |
MEDIUM
Network
|
-
|
-
|
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code_verifier values (including one-character strings) for S256 PKC…
|
CWE-307
CWE-1289
mproper Restriction of Excessive Authentication Attempts
Improper Validation of Unsafe Equivalence in Input
|
CVE-2026-41213
|
2026-04-25 11:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1723
|
7.5 |
HIGH
Network
|
p11-kit_project
redhat
|
p11-kit
hardened_images
enterprise_linux
|
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters se…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2026-2100
|
2026-04-25 11:16 |
2026-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1724
|
7.5 |
HIGH
Network
|
p11-kit_project
redhat
|
p11-kit
hardened_images
enterprise_linux
|
Se encontró una falla en p11-kit. Un atacante remoto podría explotar esta vulnerabilidad al llamar a la función C_DeriveKey en un token remoto con parámetros específicos del mecanismo de derivación I…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2026-2100
|
2026-04-25 11:16 |
2026-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1725
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a si…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2025-14821
|
2026-04-25 09:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1726
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2026-6175
|
2026-04-25 08:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1727
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The API function `ssh_get_hexa()` is vulnerable, when 0-lenght
input is provided to this function. This function is used internally
in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated)…
|
CWE-124
Buffer Underflow
|
CVE-2026-0966
|
2026-04-25 08:16 |
2026-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1728
|
6.5 |
MEDIUM
Network
|
-
|
-
|
La función API 'ssh_get_hexa()' es vulnerable cuando se proporciona una entrada de longitud 0 a esta función. Esta función se utiliza internamente en 'ssh_get_fingerprint_hash()' y 'ssh_print_hexa()'…
|
CWE-124
Buffer Underflow
|
CVE-2026-0966
|
2026-04-25 08:16 |
2026-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1729
|
3.7 |
LOW
Network
|
-
|
-
|
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially cr…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-0988
|
2026-04-25 06:16 |
2026-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1730
|
3.7 |
LOW
Network
|
-
|
-
|
Se encontró una vulnerabilidad en glib. La falta de validación de los parámetros offset y count en la función g_buffered_input_stream_peek() puede conducir a un desbordamiento de entero durante el cá…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-0988
|
2026-04-25 06:16 |
2026-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
