CVE-2026-43975 - Apache Wicket: Possible malicious path traversal in FolderUploadsFileManager
CVE ID :CVE-2026-43975
Published : May 6, 2026, 10:16 a.m. | 1 hour, 48 minutes ago
Description :FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on the server. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-43975
Published : May 6, 2026, 10:16 a.m. | 1 hour, 48 minutes ago
Description :FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on the server. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6860 - Apache TLS Server Name Spoofing Vulnerability
CVE ID :CVE-2026-6860
Published : May 6, 2026, 10:16 a.m. | 1 hour, 48 minutes ago
Description :A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6860
Published : May 6, 2026, 10:16 a.m. | 1 hour, 48 minutes ago
Description :A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31970 - HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability
CVE ID :CVE-2025-31970
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-31970
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59851 - HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability
CVE ID :CVE-2025-59851
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the application.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-59851
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the application.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59852 - HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability
CVE ID :CVE-2025-59852
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-59852
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59853 - HCL DFXAnalytics is affected by an Improper Error Handling vulnerability
CVE ID :CVE-2025-59853
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-59853
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59854 - HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability
CVE ID :CVE-2025-59854
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a robust Content Security Policy (CSP).
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-59854
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a robust Content Security Policy (CSP).
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6420 - Keylime: keylime: security bypass due to hardcoded tpm quote nonce
CVE ID :CVE-2026-6420
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6420
Published : May 6, 2026, 11:16 a.m. | 48 minutes ago
Description :A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-43278 - dm: clear cloned request bio pointer when last clone bio completes
CVE ID :CVE-2026-43278
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: dm: clear cloned request bio pointer when last clone bio completes Stale rq->bio values have been observed to cause double-initialization of cloned bios in request-based device-mapper targets, leading to use-after-free and double-free scenarios. One such case occurs when using dm-multipath on top of a PCIe NVMe namespace, where cloned request bios are freed during blk_complete_request(), but rq->bio is left intact. Subsequent clone teardown then attempts to free the same bios again via blk_rq_unprep_clone(). The resulting double-free path looks like: nvme_pci_complete_batch() nvme_complete_batch() blk_mq_end_request_batch() blk_complete_request() // called on a DM clone request bio_endio() // first free of all clone bios ... rq->end_io() // end_clone_request() dm_complete_request(tio->orig) dm_softirq_done() dm_done() dm_end_request() blk_rq_unprep_clone() // second free of clone bios Fix this by clearing the clone request's bio pointer when the last cloned bio completes, ensuring that later teardown paths do not attempt to free already-released bios.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-43278
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: dm: clear cloned request bio pointer when last clone bio completes Stale rq->bio values have been observed to cause double-initialization of cloned bios in request-based device-mapper targets, leading to use-after-free and double-free scenarios. One such case occurs when using dm-multipath on top of a PCIe NVMe namespace, where cloned request bios are freed during blk_complete_request(), but rq->bio is left intact. Subsequent clone teardown then attempts to free the same bios again via blk_rq_unprep_clone(). The resulting double-free path looks like: nvme_pci_complete_batch() nvme_complete_batch() blk_mq_end_request_batch() blk_complete_request() // called on a DM clone request bio_endio() // first free of all clone bios ... rq->end_io() // end_clone_request() dm_complete_request(tio->orig) dm_softirq_done() dm_done() dm_end_request() blk_rq_unprep_clone() // second free of clone bios Fix this by clearing the clone request's bio pointer when the last cloned bio completes, ensuring that later teardown paths do not attempt to free already-released bios.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-43279 - ALSA: usb-audio: Add sanity check for OOB writes at silencing
CVE ID :CVE-2026-43279
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But when the setup in the capture stream differs from the playback stream (e.g. due to the USB core limitation of max packet size), such an inconsistency may lead to OOB writes to the buffer, resulting in a crash. For addressing it, add a sanity check of the transfer buffer size at prepare_silent_urb(), and stop the data copy if the received data overflows. Also, report back the transfer error properly from there, too. Note that this doesn't fix the root cause of the playback error itself, but this merely covers the kernel Oops.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-43279
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But when the setup in the capture stream differs from the playback stream (e.g. due to the USB core limitation of max packet size), such an inconsistency may lead to OOB writes to the buffer, resulting in a crash. For addressing it, add a sanity check of the transfer buffer size at prepare_silent_urb(), and stop the data copy if the received data overflows. Also, report back the transfer error properly from there, too. Note that this doesn't fix the root cause of the playback error itself, but this merely covers the kernel Oops.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-43280 - drm/xe: Add bounds check on pat_index to prevent OOB kernel read in madvise
CVE ID :CVE-2026-43280
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add bounds check on pat_index to prevent OOB kernel read in madvise When user provides a bogus pat_index value through the madvise IOCTL, the xe_pat_index_get_coh_mode() function performs an array access without validating bounds. This allows a malicious user to trigger an out-of-bounds kernel read from the xe->pat.table array. The vulnerability exists because the validation in madvise_args_are_sane() directly calls xe_pat_index_get_coh_mode(xe, args->pat_index.val) without first checking if pat_index is within [0, xe->pat.n_entries). Although xe_pat_index_get_coh_mode() has a WARN_ON to catch this in debug builds, it still performs the unsafe array access in production kernels. v2(Matthew Auld) - Using array_index_nospec() to mitigate spectre attacks when the value is used v3(Matthew Auld) - Put the declarations at the start of the block (cherry picked from commit 944a3329b05510d55c69c2ef455136e2fc02de29)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-43280
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add bounds check on pat_index to prevent OOB kernel read in madvise When user provides a bogus pat_index value through the madvise IOCTL, the xe_pat_index_get_coh_mode() function performs an array access without validating bounds. This allows a malicious user to trigger an out-of-bounds kernel read from the xe->pat.table array. The vulnerability exists because the validation in madvise_args_are_sane() directly calls xe_pat_index_get_coh_mode(xe, args->pat_index.val) without first checking if pat_index is within [0, xe->pat.n_entries). Although xe_pat_index_get_coh_mode() has a WARN_ON to catch this in debug builds, it still performs the unsafe array access in production kernels. v2(Matthew Auld) - Using array_index_nospec() to mitigate spectre attacks when the value is used v3(Matthew Auld) - Put the declarations at the start of the block (cherry picked from commit 944a3329b05510d55c69c2ef455136e2fc02de29)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-43281 - mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()
CVE ID :CVE-2026-43281
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate() Although it is guided that `#mbox-cells` must be at least 1, there are many instances of `#mbox-cells = <0>;` in the device tree. If that is the case and the corresponding mailbox controller does not provide `fw_xlate` and of_xlate` function pointers, `fw_mbox_index_xlate()` will be used by default and out-of-bounds accesses could occur due to lack of bounds check in that function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-43281
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate() Although it is guided that `#mbox-cells` must be at least 1, there are many instances of `#mbox-cells = <0>;` in the device tree. If that is the case and the corresponding mailbox controller does not provide `fw_xlate` and of_xlate` function pointers, `fw_mbox_index_xlate()` will be used by default and out-of-bounds accesses could occur due to lack of bounds check in that function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-43282 - RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port
CVE ID :CVE-2026-43282
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port The function ionic_query_port() calls ib_device_get_netdev() without checking the return value which could lead to NULL pointer dereference, Fix it by checking the return value and return -ENODEV if the 'ndev' is NULL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-43282
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port The function ionic_query_port() calls ib_device_get_netdev() without checking the return value which could lead to NULL pointer dereference, Fix it by checking the return value and return -ENODEV if the 'ndev' is NULL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-43283 - net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle
CVE ID :CVE-2026-43283
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle dma_free_coherent() in error path takes priv->rx_buf.alloc_len as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv->rx_buf.alloc_phys.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-43283
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle dma_free_coherent() in error path takes priv->rx_buf.alloc_len as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv->rx_buf.alloc_phys.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6210 - Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
CVE ID :CVE-2026-6210
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker element (such as a element) that references itself as a marker triggers an out-of-bounds heap read due to the object size difference between QSvgLine and QSvgMarker, followed by an endless recursion that bypasses the marker recursion guard through incorrect virtual dispatch. The result is an application crash (denial of service). This issue affects Qt SVG: from 6.7.0 before 6.8.8, from 6.9.0 before 6.11.1.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6210
Published : May 6, 2026, 12:16 p.m. | 3 hours, 48 minutes ago
Description :A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker element (such as a element) that references itself as a marker triggers an out-of-bounds heap read due to the object size difference between QSvgLine and QSvgMarker, followed by an endless recursion that bypasses the marker recursion guard through incorrect virtual dispatch. The result is an application crash (denial of service). This issue affects Qt SVG: from 6.7.0 before 6.8.8, from 6.9.0 before 6.11.1.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40562 - Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence
CVE ID :CVE-2026-40562
Published : May 6, 2026, 1:16 p.m. | 2 hours, 49 minutes ago
Description :Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40562
Published : May 6, 2026, 1:16 p.m. | 2 hours, 49 minutes ago
Description :Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-5081 - Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure
CVE ID :CVE-2026-5081
Published : May 6, 2026, 1:16 p.m. | 2 hours, 49 minutes ago
Description :Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id plugin, which generates unique ids for the request. The id is based on the IPv4 address, the process id, the epoch time, a 16-bit counter and a thread index, with no obfuscation. The server IP is often available to the public, and if not available, can be guessed from previous session ids being issued. The process ids may also be guessed from previous session ids. The timestamp is easily guessed (and leaked in the HTTP Date response header). The purpose of mod_unique_id is to assign a unique id to requests so that events can be correlated in different logs. The id is not designed, nor is it suitable for security purposes.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-5081
Published : May 6, 2026, 1:16 p.m. | 2 hours, 49 minutes ago
Description :Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id plugin, which generates unique ids for the request. The id is based on the IPv4 address, the process id, the epoch time, a 16-bit counter and a thread index, with no obfuscation. The server IP is often available to the public, and if not available, can be guessed from previous session ids being issued. The process ids may also be guessed from previous session ids. The timestamp is easily guessed (and leaked in the HTTP Date response header). The purpose of mod_unique_id is to assign a unique id to requests so that events can be correlated in different logs. The id is not designed, nor is it suitable for security purposes.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8026 - FlowiseAI Flowise API Response account.service.ts login information disclosure
CVE ID :CVE-2026-8026
Published : May 6, 2026, 1:16 p.m. | 2 hours, 49 minutes ago
Description :A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. You should upgrade the affected component.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8026
Published : May 6, 2026, 1:16 p.m. | 2 hours, 49 minutes ago
Description :A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. You should upgrade the affected component.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-36358 - Juzaweb CMS Cross-Site Scripting (XSS)
CVE ID :CVE-2026-36358
Published : May 6, 2026, 2:16 p.m. | 1 hour, 48 minutes ago
Description :Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-36358
Published : May 6, 2026, 2:16 p.m. | 1 hour, 48 minutes ago
Description :Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6863 - HTTP Filestore Endpoints Misapply Permissions Across Organizations
CVE ID :CVE-2026-6863
Published : May 6, 2026, 2:50 p.m. | 1 hour, 14 minutes ago
Description :Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission ) can issue a single authenticated HTTP GET that can read any files from other orgs - even if they have no explicit permissions in the target org. However, the problem does not occur in reverse - a user with read access to a sub org is unable to read from other org or the root org.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6863
Published : May 6, 2026, 2:50 p.m. | 1 hour, 14 minutes ago
Description :Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission ) can issue a single authenticated HTTP GET that can read any files from other orgs - even if they have no explicit permissions in the target org. However, the problem does not occur in reverse - a user with read access to a sub org is unable to read from other org or the root org.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6691 - MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow
CVE ID :CVE-2026-6691
Published : May 6, 2026, 3:08 p.m. | 56 minutes ago
Description :The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6691
Published : May 6, 2026, 3:08 p.m. | 56 minutes ago
Description :The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...