|
791
|
7.5 |
HIGH
Network
|
-
|
-
|
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth clas…
New
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-44847
|
2026-05-27 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
792
|
8.2 |
HIGH
Network
|
-
|
-
|
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other ap…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-44843
|
2026-05-27 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
793
|
5.9 |
MEDIUM
Network
|
-
|
-
|
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file …
New
|
CWE-187
Partial String Comparison
|
CVE-2026-44837
|
2026-05-27 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
794
|
7.5 |
HIGH
Network
|
-
|
-
|
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass use…
New
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-44209
|
2026-05-27 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
795
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.
An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which a…
New
|
CWE-202
Exposure of Sensitive Information Through Data Queries
|
CVE-2026-42797
|
2026-05-27 06:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
796
|
- |
|
-
|
-
|
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API (chat/api/oss/get_url). The en…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42337
|
2026-05-27 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
797
|
- |
|
-
|
-
|
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch functionality due to inconsi…
New
|
CWE-367
CWE-918
Time-of-check Time-of-use (TOCTOU) Race Condition
Server-Side Request Forgery (SSRF)
|
CVE-2026-42336
|
2026-05-27 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
798
|
- |
|
-
|
-
|
MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch (chat/api/o…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42335
|
2026-05-27 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
799
|
9.8 |
CRITICAL
Network
|
-
|
-
|
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the ap…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-3660
|
2026-05-27 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
800
|
- |
|
-
|
-
|
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an ove…
New
|
-
|
CVE-2025-68711
|
2026-05-27 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
