|
741
|
3.3 |
LOW
Local
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which …
New
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-49460
|
2026-06-26 01:51 |
2026-06-23 |
|
742
|
7.7 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted (the default), the endpoint returns…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-56268
|
2026-06-26 01:50 |
2026-06-23 |
|
743
|
5.5 |
MEDIUM
Local
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text …
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-49461
|
2026-06-26 01:48 |
2026-06-23 |
|
744
|
5.5 |
MEDIUM
Local
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in…
New
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-54530
|
2026-06-26 01:47 |
2026-06-23 |
|
745
|
5.5 |
MEDIUM
Local
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with ou…
New
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-54531
|
2026-06-26 01:46 |
2026-06-23 |
|
746
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures doe…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-46349
|
2026-06-26 01:32 |
2026-06-25 |
|
747
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures doe…
New
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-48028
|
2026-06-26 01:32 |
2026-06-25 |
|
748
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent fal…
New
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-50128
|
2026-06-26 01:32 |
2026-06-25 |
|
749
|
7.5 |
HIGH
Network
|
-
|
-
|
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by (Uncaught Exception vulnerability), due to missing exception …
New
|
CWE-248
Uncaught Exception
|
CVE-2026-50129
|
2026-06-26 01:32 |
2026-06-25 |
|
750
|
- |
|
-
|
-
|
Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a…
New
|
CWE-841
Improper Enforcement of Behavioral Workflow
|
CVE-2026-57536
|
2026-06-26 01:16 |
2026-06-26 |