|
521
|
9.1 |
CRITICAL
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated atta…
Update
|
CWE-288 CWE-22
Authentication Bypass Using an Alternate Path or Channel; Path Traversal
|
CVE-2026-48020
|
2026-06-30 12:20 |
2026-06-24 |
|
522
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is used in log format and host relate…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-47220
|
2026-06-30 12:20 |
2026-06-27 |
|
523
|
9.0 |
CRITICAL
Network
|
jupyter
|
jupyter_server
|
Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox …
Update
|
CWE-79 CWE-1021
Cross-site Scripting; Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-44727
|
2026-06-30 12:20 |
2026-06-23 |
|
524
|
9.4 |
CRITICAL
Network
|
docling
|
docling
|
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard …
Update
|
CWE-776 CWE-611
XML Entity Expansion; XXE
|
CVE-2026-44020
|
2026-06-30 12:19 |
2026-06-25 |
|
525
|
8.3 |
HIGH
Network
|
docling
|
docling
|
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP …
Update
|
CWE-22
Path Traversal
|
CVE-2026-44017
|
2026-06-30 12:19 |
2026-06-25 |
|
526
|
8.2 |
HIGH
Network
|
docling
|
docling
|
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. In versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly con…
Update
|
CWE-94 CWE-918
Code Injection; Server-Side Request Forgery (SSRF)
|
CVE-2026-44016
|
2026-06-30 12:19 |
2026-06-25 |
|
527
|
7.5 |
HIGH
Network
|
vllm
|
vllm
|
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to …
Update
|
CWE-94 CWE-617
Code Injection; Reachable Assertion
|
CVE-2026-41523
|
2026-06-30 12:19 |
2026-06-23 |
|
528
|
7.8 |
HIGH
Local
|
gimp
|
gimp
|
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User inte…
Update
|
CWE-122 CWE-131
Heap-based Buffer Overflow; Incorrect Calculation of Buffer Size
|
CVE-2026-2050
|
2026-06-30 12:18 |
2026-06-25 |
|
529
|
7.5 |
HIGH
Network
|
-
|
-
|
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constru…
New
|
CWE-436 CWE-551
Interpretation Conflict
|
CVE-2026-13676
|
2026-06-30 12:17 |
2026-06-29 |
|
530
|
7.1 |
HIGH
Local
|
-
|
-
|
A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenU…
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-13601
|
2026-06-30 12:17 |
2026-06-29 |
|