|
671
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "user[admin]". This vulnerability is fix…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-52784
|
2026-06-27 05:20 |
2026-06-27 |
|
672
|
4.3 |
MEDIUM
Network
|
jenkins
|
pipeline\
|
Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types rel…
New
|
CWE-470
Unsafe Reflection
|
CVE-2026-57284
|
2026-06-27 05:20 |
2026-06-24 |
|
673
|
4.3 |
MEDIUM
Network
|
jenkins
|
pipeline\
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other …
New
|
CWE-352
Origin Validation Error
|
CVE-2026-57283
|
2026-06-27 05:20 |
2026-06-24 |
|
674
|
10.0 |
CRITICAL
Network
|
langflow
|
langflow
|
IBM Langflow OSS 1.0.0 through 1.9.3 has a vulnerability due to improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute ar…
New
|
CWE-94
Code Injection
|
CVE-2026-10561
|
2026-06-27 05:19 |
2026-06-22 |
|
675
|
7.8 |
HIGH
Local
|
gimp
|
gimp
|
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User inte…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-2050
|
2026-06-27 05:18 |
2026-06-25 |
|
676
|
7.6 |
HIGH
Adjacent
|
home-assistant
|
home-assistant
|
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView (homeassistant…
New
|
CWE-200 CWE-306
Information Exposure Missing Authentication for Critical Function
|
CVE-2026-54317
|
2026-06-27 05:17 |
2026-06-24 |
|
677
|
6.3 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied url_idx…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-54021
|
2026-06-27 05:17 |
2026-06-24 |
|
678
|
7.6 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but for…
New
|
CWE-79 CWE-116 CWE-693
Cross-site Scripting Improper Encoding or Escaping of Output Protection Mechanism Failure
|
CVE-2026-54013
|
2026-06-27 05:17 |
2026-06-24 |
|
679
|
6.5 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit mess…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-54007
|
2026-06-27 05:17 |
2026-06-24 |
|
680
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Use pci_name() for debugfs directory naming
Use pci_name(pdev) for the per-device debugfs directory instead of
hardcod…
New
|
-
|
CVE-2026-53324
|
2026-06-27 05:17 |
2026-06-27 |
|