| 1321 | 3.3 | LOW, Local | tenable | nessus | A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potent… | CWE-89 SQL Injection | CVE-2026-57588 | 2026-06-27 01:48 | 2026-06-26 |
| 1322 | 5.3 | MEDIUM, Network | tenable | nessus | A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potential… | CWE-89 SQL Injection | CVE-2026-57587 | 2026-06-27 01:47 | 2026-06-26 |
| 1323 | 5.3 | MEDIUM, Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XP… | CWE-416 Use After Free | CVE-2026-57437 | 2026-06-27 01:47 | 2026-06-26 |
| 1324 | 5.3 | MEDIUM, Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing … | CWE-416 Use After Free | CVE-2026-57436 | 2026-06-27 01:47 | 2026-06-26 |
| 1325 | 3.8 | LOW, Network | mattermost | mattermost_server | Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts vi… | CWE-863 Incorrect Authorization | CVE-2026-8823 | 2026-06-27 01:39 | 2026-06-23 |
| 1326 | 7.1 | HIGH, Network | traefik | traefik | Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces al… | CWE-284 Improper Access Control; CWE-863 Incorrect Authorization | CVE-2026-54761 | 2026-06-27 01:37 | 2026-06-24 |
| 1327 | 8.6 | HIGH, Network | traefik | traefik | Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to… | CWE-636 Not Failing Securely ('Failing Open'); CWE-693 Protection Mechanism Failure | CVE-2026-54762 | 2026-06-27 01:37 | 2026-06-24 |
| 1328 | 7.5 | HIGH, Network | - | - | Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this… | CWE-494 Download of Code Without Integrity Check | CVE-2021-47986 | 2026-06-27 01:19 | 2026-06-26 |
| 1329 | 9.8 | CRITICAL, Network | - | - | Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in … | CWE-73 External Control of File Name or Path | CVE-2025-71334 | 2026-06-27 01:19 | 2026-06-26 |
| 1330 | 8.1 | HIGH, Network | - | - | Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active sessi… | CWE-613 Insufficient Session Expiration | CVE-2025-71335 | 2026-06-27 01:19 | 2026-06-26 |