|
4351
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the co…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6106
|
2026-04-25 03:00 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4352
|
3.5 |
LOW
Network
|
-
|
-
|
A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware.…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6107
|
2026-04-25 03:00 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4353
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Mod…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-6108
|
2026-04-25 03:00 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4354
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/efi: defer freeing of boot services memory
efi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE
and EFI_B…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-23352
|
2026-04-25 02:59 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4355
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
x86/efi: aplazar la liberación de la memoria de servicios de arranque
efi_free_boot_services() libera la memoria ocupada por EFI…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-23352
|
2026-04-25 02:59 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4356
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload End…
|
CWE-264
CWE-265
Permissions, Privileges, and Access Controls
Privilege Issues
|
CVE-2026-6117
|
2026-04-25 02:58 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4357
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulat…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-6118
|
2026-04-25 02:58 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4358
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request fo…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6119
|
2026-04-25 02:58 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4359
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler…
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-6125
|
2026-04-25 02:58 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4360
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missin…
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-6126
|
2026-04-25 02:58 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
