|
141
|
4.9 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim int…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-13434
|
2026-06-27 02:16 |
2026-06-27 |
|
|
|
|
142
|
8.4 |
HIGH
Local
|
-
|
-
|
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device P…
New
|
CWE-639, CWE-862
Authorization Bypass Through User-Controlled Key; Missing Authorization
|
CVE-2026-12411
|
2026-06-27 02:16 |
2026-06-27 |
|
|
|
|
143
|
7.5 |
HIGH
Network
|
-
|
-
|
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes.
When an object is initialised before forking, then the internal state for the PRNG is shared…
New
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2026-11702
|
2026-06-27 02:16 |
2026-06-26 |
|
|
|
|
144
|
7.5 |
HIGH
Network
|
-
|
-
|
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes.
When an object is initialised before forking, or when the functional interface is used, then the in…
New
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2026-11625
|
2026-06-27 02:16 |
2026-06-26 |
|
|
|
|
145
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertex…
New
|
CWE-697
Incorrect Comparison
|
CVE-2026-10097
|
2026-06-27 02:16 |
2026-06-26 |
|
|
|
|
146
|
- |
|
-
|
-
|
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message,…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2023-20572
|
2026-06-27 02:16 |
2026-06-27 |
|
|
|
|
147
|
- |
|
-
|
-
|
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potential…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2023-20540
|
2026-06-27 02:16 |
2026-06-27 |
|
|
|
|
148
|
8.8 |
HIGH
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-33760
|
2026-06-27 02:10 |
2026-06-24 |
|
|
|
|
149
|
6.5 |
MEDIUM
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases). This…
New
|
CWE-22
Path Traversal
|
CVE-2026-42867
|
2026-06-27 02:09 |
2026-06-24 |
|
|
|
|
150
|
9.6 |
CRITICAL
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable …
New
|
CWE-94
Code Injection
|
CVE-2026-48519
|
2026-06-27 02:07 |
2026-06-24 |
|
|
|