|
61
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. …
New
|
CWE-284
CWE-639
CWE-915
Improper Access Control
Authorization Bypass Through User-Controlled Key
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46441
|
2026-06-9 02:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
62
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-46400
|
2026-06-9 02:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
63
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this…
New
|
CWE-15
CWE-73
CWE-78
External Control of System or Configuration Setting
External Control of File Name or Path
OS Command
|
CVE-2026-46399
|
2026-06-9 02:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
64
|
6.5 |
MEDIUM
Network
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low…
New
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-46397
|
2026-06-9 02:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
65
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0 allows authenticated users to fetch …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-46393
|
2026-06-9 02:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
66
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching …
New
|
CWE-183
CWE-918
Permissive List of Allowed Inputs
Server-Side Request Forgery (SSRF)
|
CVE-2026-46391
|
2026-06-9 02:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
67
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Reject empty multisync extension to prevent infinite loop
v3d_get_extensions() walks a userspace-provided singly-linked …
New
|
-
|
CVE-2026-46314
|
2026-06-9 02:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
68
|
8.8 |
HIGH
Network
|
mbs-solutions
|
universal_gateway_firmware
|
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-35085
|
2026-06-9 02:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
69
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
media: intel/ipu6: fix error pointer dereference
In a error path isp->psys is confirmed to be an error pointer not NULL so
this c…
New
|
-
|
CVE-2026-46313
|
2026-06-9 02:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
70
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
media: videobuf2: Set vma_flags in vb2_dma_sg_mmap
vb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not
see a…
New
|
-
|
CVE-2026-46312
|
2026-06-9 02:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
