Fri, Jan 09 · 07:16 AM CSTCVE-2025-70974
10.0/10 · Must read/watchNVDvuln
Summary
Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload locate
CVECVE-2025-70974
SeverityCRITICAL
TypeUPDATED
PublishedFri, Jan 09 · 07:16 AM CST
ModifiedSat, Jun 27 · 05:16 AM CDT
Mon, Jun 22 · 02:16 PM CDTCVE-2026-10561
10.0/10 · Must read/watchNVDvuln
Summary
IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise
CVECVE-2026-10561
SeverityCRITICAL
TypeUPDATED
PublishedMon, Jun 22 · 02:16 PM CDT
ModifiedFri, Jun 26 · 08:19 PM CDT
Mon, May 18 · 05:16 PM CDTCVE-2026-45829
10.0/10 · Must read/watchNVDvuln
Summary
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint
CVECVE-2026-45829
SeverityCRITICAL
TypeUPDATED
PublishedMon, May 18 · 05:16 PM CDT
ModifiedSat, Jun 27 · 05:16 AM CDT
Mon, Apr 27 · 09:16 AM CDTCVE-2026-40453
9.9/10 · Must read/watchNVDvuln
Summary
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeade
CVECVE-2026-40453
SeverityCRITICAL
TypeUPDATED
PublishedMon, Apr 27 · 09:16 AM CDT
ModifiedSat, Jun 27 · 05:16 AM CDT
Thu, Jan 04 · 06:29 AM CSTCVE-2017-8046
9.8/10 · Must read/watchNVDvuln
Summary
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
CVECVE-2017-8046
SeverityCRITICAL
TypeUPDATED
PublishedThu, Jan 04 · 06:29 AM CST
ModifiedFri, Jun 26 · 06:44 PM CDT
Wed, Apr 11 · 01:29 PM CDTCVE-2018-1273
9.8/10 · Must read/watchNVDvuln
Summary
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data
CVECVE-2018-1273
SeverityCRITICAL
TypeUPDATED
PublishedWed, Apr 11 · 01:29 PM CDT
ModifiedFri, Jun 26 · 06:44 PM CDT
Sat, May 16 · 04:16 PM CDTCVE-2021-47952
9.8/10 · Must read/watchNVDvuln
Summary
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute
CVECVE-2021-47952
SeverityCRITICAL
TypeUPDATED
PublishedSat, May 16 · 04:16 PM CDT
ModifiedSat, Jun 27 · 05:16 AM CDT
Mon, Feb 02 · 11:16 PM CSTCVE-2026-22778
9.8/10 · Must read/watchNVDvuln
Summary
vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. Thi
CVECVE-2026-22778
SeverityCRITICAL
TypeUPDATED
PublishedMon, Feb 02 · 11:16 PM CST
ModifiedSat, Jun 27 · 05:16 AM CDT
Fri, Mar 20 · 11:16 PM CDTCVE-2026-33228
9.8/10 · Must read/watchNVDvuln
Summary
flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "__proto__" ret
CVECVE-2026-33228
SeverityCRITICAL
TypeUPDATED
PublishedFri, Mar 20 · 11:16 PM CDT
ModifiedSat, Jun 27 · 05:16 AM CDT
Fri, May 08 · 04:16 AM CDTCVE-2026-42208
9.8/10 · Must read/watchNVDvuln
Summary
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could
CVECVE-2026-42208
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 08 · 04:16 AM CDT
ModifiedSat, Jun 27 · 05:16 AM CDT
Fri, May 01 · 03:16 PM CDTCVE-2026-43037
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written by the IPv6 receive path as struct inet6_skb_parm. icmp_send() passes IPCB(skb2) to __ip_optio
CVECVE-2026-43037
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 01 · 03:16 PM CDT
ModifiedSat, Jun 27 · 05:16 AM CDT
Tue, May 19 · 12:16 PM CDTCVE-2026-43493
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that value and filtering out EINPROGRESS notifications.
CVECVE-2026-43493
SeverityCRITICAL
TypeUPDATED
PublishedTue, May 19 · 12:16 PM CDT
ModifiedFri, Jun 26 · 05:30 PM CDT
Thu, May 21 · 01:16 PM CDTCVE-2026-43501
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows ipv6_rpl_srh_rcv() decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6_hdr->daddr, recompresses, then pulls the old header and pushes the new one plus the IPv6
CVECVE-2026-43501
SeverityCRITICAL
TypeUPDATED
PublishedThu, May 21 · 01:16 PM CDT
ModifiedFri, Jun 26 · 05:28 PM CDT
Tue, Apr 07 · 05:16 PM CDTCVE-2026-4631
9.8/10 · Must read/watchNVDvuln
Summary
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands,
CVECVE-2026-4631
SeverityCRITICAL
TypeUPDATED
PublishedTue, Apr 07 · 05:16 PM CDT
ModifiedSat, Jun 27 · 05:16 AM CDT
Tue, May 19 · 02:16 PM CDTCVE-2026-47323
9.8/10 · Must read/watchNVDvuln
Summary
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) only filter outbound Camel-
CVECVE-2026-47323
SeverityCRITICAL
TypeUPDATED
PublishedTue, May 19 · 02:16 PM CDT
ModifiedSat, Jun 27 · 05:16 AM CDT
Tue, May 19 · 10:16 AM CDTCVE-2026-2611
9.6/10 · Must read/watchNVDvuln
Summary
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. By bypassing the loopba
CVECVE-2026-2611
SeverityCRITICAL
TypeUPDATED
PublishedTue, May 19 · 10:16 AM CDT
ModifiedSat, Jun 27 · 05:16 AM CDT
Fri, Feb 06 · 08:16 PM CSTCVE-2026-1709
9.4/10 · Must read/watchNVDvuln
Summary
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving pub
CVECVE-2026-1709
SeverityCRITICAL
TypeUPDATED
PublishedFri, Feb 06 · 08:16 PM CST
ModifiedSat, Jun 27 · 05:16 AM CDT
Mon, Apr 27 · 10:16 AM CDTCVE-2026-33454
9.4/10 · Must read/watchNVDvuln
Summary
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a result, when a Camel ap
CVECVE-2026-33454
SeverityCRITICAL
TypeUPDATED
PublishedMon, Apr 27 · 10:16 AM CDT
ModifiedSat, Jun 27 · 05:16 AM CDT
Mon, Mar 03 · 02:15 PM CSTCVE-2025-26988
9.3/10 · Must read/watchNVDvuln
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through <= 3.7.8.
CVECVE-2025-26988
SeverityCRITICAL
TypeUPDATED
PublishedMon, Mar 03 · 02:15 PM CST
ModifiedFri, Jun 26 · 05:13 PM CDT
Sat, Jan 10 · 03:15 AM CSTCVE-2025-61686
9.1/10 · Must read/watchNVDvuln
Summary
React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it i
CVECVE-2025-61686
SeverityCRITICAL
TypeUPDATED
PublishedSat, Jan 10 · 03:15 AM CST
ModifiedSat, Jun 27 · 05:16 AM CDT
Mon, Jun 22 · 04:16 PM CDTCVE-2026-12628
9.1/10 · Must read/watchNVDvuln
Summary
IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a static credential em
CVECVE-2026-12628
SeverityCRITICAL
TypeUPDATED
PublishedMon, Jun 22 · 04:16 PM CDT
ModifiedFri, Jun 26 · 08:01 PM CDT
Thu, Jan 22 · 10:16 PM CSTCVE-2026-20750
9.1/10 · Must read/watchNVDvuln
Summary
Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.
CVECVE-2026-20750
SeverityCRITICAL
TypeUPDATED
PublishedThu, Jan 22 · 10:16 PM CST
ModifiedSat, Jun 27 · 05:16 AM CDT
Thu, Jan 22 · 10:16 PM CSTCVE-2026-20897
9.1/10 · Must read/watchNVDvuln
Summary
Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.
CVECVE-2026-20897
SeverityCRITICAL
TypeUPDATED
PublishedThu, Jan 22 · 10:16 PM CST
ModifiedSat, Jun 27 · 05:16 AM CDT
Thu, Jan 22 · 10:16 PM CSTCVE-2026-20912
9.1/10 · Must read/watchNVDvuln
Summary
Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users.
CVECVE-2026-20912
SeverityCRITICAL
TypeUPDATED
PublishedThu, Jan 22 · 10:16 PM CST
ModifiedSat, Jun 27 · 05:16 AM CDT
Fri, Mar 27 · 03:16 PM CDTCVE-2026-27876
9.1/10 · Must read/watchNVDvuln
Summary
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature tog
CVECVE-2026-27876
SeverityCRITICAL
TypeUPDATED
PublishedFri, Mar 27 · 03:16 PM CDT
ModifiedSat, Jun 27 · 05:16 AM CDT