|
3901
|
3.7 |
LOW
Network
|
flowiseai
|
flowise
|
A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Perf…
|
CWE-200
CWE-284
NVD-CWE-noinfo
Information Exposure
Improper Access Control
|
CVE-2026-8028
|
2026-05-7 23:47 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3902
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XS…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3953
|
2026-05-7 23:44 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3903
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Lidera…
|
CWE-346
Origin Validation Error
|
CVE-2026-6508
|
2026-05-7 23:42 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3904
|
8.3 |
HIGH
Network
|
-
|
-
|
Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDri…
|
CWE-770
CWE-915
Allocation of Resources Without Limits or Throttling
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2025-14341
|
2026-05-7 23:42 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3905
|
9.6 |
CRITICAL
Network
|
-
|
-
|
URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection.
This issue affects DivvyDrive: from 4.8.2.9 befor…
|
CWE-601
Open Redirect
|
CVE-2026-6795
|
2026-05-7 23:42 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3906
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS.
This issue affects DivvyD…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5784
|
2026-05-7 23:42 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3907
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS).
This issue affec…
|
CWE-80
Basic XSS
|
CVE-2026-6002
|
2026-05-7 23:42 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3908
|
7.7 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interact…
|
CWE-862
Missing Authorization
|
CVE-2026-43580
|
2026-05-7 23:41 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3909
|
9.6 |
CRITICAL
Adjacent
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools proto…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2026-43581
|
2026-05-7 23:41 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3910
|
9.1 |
CRITICAL
Network
|
x.org
redhat
|
x_server
enterprise_linux
|
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit …
|
CWE-805
Buffer Access with Incorrect Length Value
|
CVE-2026-34002
|
2026-05-7 23:39 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
