|
151
|
6.1 |
MEDIUM
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a potential arbitrary file-read vulnera…
New
|
CWE-73
External Control of File Name or Path
|
CVE-2026-48520
|
2026-06-27 02:06 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
10.0 |
CRITICAL
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated atta…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-48020
|
2026-06-27 02:04 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
10.0 |
CRITICAL
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that allows an unauthenticated cl…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-48491
|
2026-06-27 02:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
9.8 |
CRITICAL
Network
|
wolfssl
|
wolfssl
|
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still…
New
|
CWE-416
Use After Free
|
CVE-2026-7531
|
2026-06-27 01:53 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19…
New
|
CWE-682
Incorrect Calculation
|
CVE-2026-10512
|
2026-06-27 01:53 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
6.5 |
MEDIUM
Network
|
rtklib
|
rtklib
|
RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count va…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-56789
|
2026-06-27 01:53 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
7.1 |
HIGH
Local
|
rtklib
|
rtklib
|
RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-56788
|
2026-06-27 01:53 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
7.5 |
HIGH
Network
|
rtklib
|
rtklib
|
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via craft…
New
|
CWE-193
Off-by-one Error
|
CVE-2026-56787
|
2026-06-27 01:53 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
9.8 |
CRITICAL
Network
|
rtklib
|
rtklib
|
RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fi…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-56786
|
2026-06-27 01:52 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
9.8 |
CRITICAL
Network
|
anysphere
|
cursor
|
Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it…
New
|
CWE-59
Link Following
|
CVE-2026-50549
|
2026-06-27 01:51 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
