|
1521
|
- |
|
-
|
-
|
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks im…
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-0420
|
2026-06-11 16:16 |
2026-06-10 |
|
|
|
|
1522
|
- |
|
-
|
-
|
An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intende…
|
CWE-20
Improper Input Validation
|
CVE-2026-0416
|
2026-06-11 16:16 |
2026-06-10 |
|
|
|
|
1523
|
- |
|
-
|
-
|
A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-0413
|
2026-06-11 16:16 |
2026-06-10 |
|
|
|
|
1524
|
- |
|
-
|
-
|
An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NE…
|
CWE-200
Information Exposure
|
CVE-2026-0411
|
2026-06-11 16:16 |
2026-06-10 |
|
|
|
|
1525
|
- |
|
-
|
-
|
Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain …
|
CWE-20, CWE-306
Improper Input Validation; Missing Authentication for Critical Function
|
CVE-2026-9212
|
2026-06-11 14:16 |
2026-06-10 |
|
|
|
|
1526
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middlewar…
|
CWE-862
Missing Authorization
|
CVE-2026-46444
|
2026-06-11 13:08 |
2026-06-9 |
|
|
|
|
1527
|
6.5 |
MEDIUM
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData…
|
CWE-200
Information Exposure
|
CVE-2026-46443
|
2026-06-11 13:08 |
2026-06-9 |
|
|
|
|
1528
|
9.9 |
CRITICAL
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authen…
|
CWE-94
Code Injection
|
CVE-2026-46442
|
2026-06-11 13:07 |
2026-06-9 |
|
|
|
|
1529
|
9.6 |
CRITICAL
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. …
|
CWE-284, CWE-639, CWE-915
Improper Access Control; Authorization Bypass Through User-Controlled Key; Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46441
|
2026-06-11 13:06 |
2026-06-9 |
|
|
|
|
1530
|
9.1 |
CRITICAL
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting a…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-46440
|
2026-06-11 13:06 |
2026-06-9 |
|
|
|