|
1641
|
- |
|
-
|
-
|
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: 2.8.0.
Users are recommended to upgrade to version 2.16.0, which fixe…
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-41566
|
2026-06-25 22:27 |
2026-06-25 |
|
|
|
|
1642
|
- |
|
-
|
-
|
Relative Path Traversal vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0.
Users are recommended to upgrade to version 2.16.0, which fixes the issue.
|
CWE-23
Relative Path Traversal
|
CVE-2026-45188
|
2026-06-25 22:27 |
2026-06-25 |
|
|
|
|
1643
|
- |
|
-
|
-
|
A vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0.
Users are recommended to upgrade to version 2.16.0, which fixes the issue.
|
-
|
CVE-2026-46751
|
2026-06-25 22:27 |
2026-06-25 |
|
|
|
|
1644
|
- |
|
-
|
-
|
Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0.
Users are recommended to upgrade to version 2.16.0, which fix…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-46752
|
2026-06-25 22:27 |
2026-06-25 |
|
|
|
|
1645
|
- |
|
-
|
-
|
When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass.
This vulnerability is similar to https://www.cve.or…
|
CWE-289
Authentication Bypass by Alternate Name
|
CVE-2026-56091
|
2026-06-25 22:27 |
2026-06-25 |
|
|
|
|
1646
|
- |
|
-
|
-
|
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2026-56130
|
2026-06-25 22:27 |
2026-06-25 |
|
|
|
|
1647
|
7.1 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbi…
|
CWE-284 CWE-285 CWE-862
Improper Access Control Improper Authorization Missing Authorization
|
CVE-2026-54012
|
2026-06-25 22:26 |
2026-06-24 |
|
|
|
|
1648
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attributes' parameter in all versions up to, and including, 1.7.2 due to…
|
CWE-79
Cross-site Scripting
|
CVE-2026-11614
|
2026-06-25 22:26 |
2026-06-24 |
|
|
|
|
1649
|
7.2 |
HIGH
Network
|
-
|
-
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parameter of the `arf_save_incomplete_form_data` AJAX action in all versions up to, and including, 7.1.3 …
|
CWE-79
Cross-site Scripting
|
CVE-2026-3652
|
2026-06-25 22:26 |
2026-06-24 |
|
|
|
|
1650
|
7.2 |
HIGH
Network
|
-
|
-
|
The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, 1.03 due to insufficient input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2026-10091
|
2026-06-25 22:26 |
2026-06-24 |
|
|
|