| 961 | 7.1 | HIGH | Network | traefik | traefik | Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces al… | New | CWE-284 Improper Access Control; CWE-863 Incorrect Authorization | CVE-2026-54761 | 2026-06-27 01:37 | 2026-06-24 |
| 962 | 8.6 | HIGH | Network | traefik | traefik | Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to… | New | CWE-636 Not Failing Securely ('Failing Open'); CWE-693 Protection Mechanism Failure | CVE-2026-54762 | 2026-06-27 01:37 | 2026-06-24 |
| 963 | 7.5 | HIGH | Network | - | - | Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this… | New | CWE-494 Download of Code Without Integrity Check | CVE-2021-47986 | 2026-06-27 01:19 | 2026-06-26 |
| 964 | 9.8 | CRITICAL | Network | - | - | Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in … | New | CWE-73 External Control of File Name or Path | CVE-2025-71334 | 2026-06-27 01:19 | 2026-06-26 |
| 965 | 8.1 | HIGH | Network | - | - | Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active sessi… | New | CWE-613 Insufficient Session Expiration | CVE-2025-71335 | 2026-06-27 01:19 | 2026-06-26 |
| 966 | 9.8 | CRITICAL | Network | - | - | Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such… | New | CWE-78 OS Command | CVE-2025-71336 | 2026-06-27 01:19 | 2026-06-26 |
| 967 | 10.0 | CRITICAL | Network | - | - | Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can e… | New | CWE-73 External Control of File Name or Path | CVE-2025-71338 | 2026-06-27 01:19 | 2026-06-26 |
| 968 | 8.1 | HIGH | Network | - | - | A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forg… | New | CWE-347 Improper Verification of Cryptographic Signature | CVE-2026-11800 | 2026-06-27 01:19 | 2026-06-26 |
| 969 | 8.5 | HIGH | Network | - | - | A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An at… | New | CWE-611 XXE | CVE-2026-12975 | 2026-06-27 01:19 | 2026-06-26 |
| 970 | 7.4 | HIGH | Network | - | - | A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker … | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-12992 | 2026-06-27 01:19 | 2026-06-26 |