|
931
|
7.5 |
HIGH
Network
|
-
|
-
|
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes.
When an object is initialised before forking, or when the functional interface is used, then the in…
New
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2026-11625
|
2026-06-27 02:16 |
2026-06-26 |
|
932
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertex…
New
|
CWE-697
Incorrect Comparison
|
CVE-2026-10097
|
2026-06-27 02:16 |
2026-06-26 |
|
933
|
- |
|
-
|
-
|
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message,…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2023-20572
|
2026-06-27 02:16 |
2026-06-27 |
|
934
|
- |
|
-
|
-
|
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potential…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2023-20540
|
2026-06-27 02:16 |
2026-06-27 |
|
935
|
8.8 |
HIGH
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-33760
|
2026-06-27 02:10 |
2026-06-24 |
|
936
|
6.5 |
MEDIUM
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases). This…
New
|
CWE-22
Path Traversal
|
CVE-2026-42867
|
2026-06-27 02:09 |
2026-06-24 |
|
937
|
9.6 |
CRITICAL
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable …
New
|
CWE-94
Code Injection
|
CVE-2026-48519
|
2026-06-27 02:07 |
2026-06-24 |
|
938
|
6.1 |
MEDIUM
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a potential arbitrary file-read vulnera…
New
|
CWE-73
External Control of File Name or Path
|
CVE-2026-48520
|
2026-06-27 02:06 |
2026-06-24 |
|
939
|
10.0 |
CRITICAL
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated atta…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-48020
|
2026-06-27 02:04 |
2026-06-24 |
|
940
|
10.0 |
CRITICAL
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that allows an unauthenticated cl…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-48491
|
2026-06-27 02:02 |
2026-06-24 |