|
211
|
7.8 |
HIGH
Local
|
oracle
|
application_development_framework
|
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. E…
New
|
CWE-284
Improper Access Control
|
CVE-2026-35243
|
2026-04-25 01:43 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
9.1 |
CRITICAL
Network
|
oracle
|
enterprise_manager_base_platform
|
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily explo…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-34279
|
2026-04-25 01:43 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
6.0 |
MEDIUM
Local
|
oracle
|
graalvm
jdk
jre
|
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u481 and 8u481-b50; …
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-22003
|
2026-04-25 01:42 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…
New
|
CWE-416
Use After Free
|
CVE-2026-6919
|
2026-04-25 01:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-6920
|
2026-04-25 01:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)
New
|
CWE-362
Race Condition
|
CVE-2026-6921
|
2026-04-25 01:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javas…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-41269
|
2026-04-25 01:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
8.3 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Func…
New
|
CWE-284
CWE-918
Improper Access Control
Server-Side Request Forgery (SSRF)
|
CVE-2026-41270
|
2026-04-25 01:38 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
8.3 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain co…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41271
|
2026-04-25 01:37 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
7.1 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Sid…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41272
|
2026-04-25 01:37 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
