|
3541
|
9.9 |
CRITICAL
Network
|
-
|
-
|
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated u…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-45312
|
2026-06-2 11:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3542
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create se…
|
CWE-269
CWE-284
Improper Privilege Management
Improper Access Control
|
CVE-2026-45043
|
2026-06-2 11:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3543
|
8.8 |
HIGH
Network
|
tauri
|
tauri
|
Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42184
|
2026-06-2 09:52 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3544
|
8.8 |
HIGH
Network
|
dalibo
|
anonymizer
|
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an…
|
CWE-89
SQL Injection
|
CVE-2026-9617
|
2026-06-2 09:40 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3545
|
6.8 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across…
|
CWE-384
Session Fixation
|
CVE-2026-48545
|
2026-06-2 09:34 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3546
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a …
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60495
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3547
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file.
|
CWE-416
Use After Free
|
CVE-2025-60486
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3548
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a cr…
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60485
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3549
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) …
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60483
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3550
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted…
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60481
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
