| 1111 | 9.8 | CRITICAL, Network | kidocode | crawl4ai | Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentic… | CWE-798 Use of Hard-coded Credentials | CVE-2026-56265 | 2026-06-26 22:52 | 2026-06-21 |
| 1112 | 9.1 | CRITICAL, Network | imagemagick | imagemagick | ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on … | CWE-125 Out-of-bounds Read | CVE-2026-56367 | 2026-06-26 22:50 | 2026-06-21 |
| 1113 | 8.2 | HIGH, Network | imagemagick | imagemagick | ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during… | CWE-125 Out-of-bounds Read | CVE-2026-56378 | 2026-06-26 22:41 | 2026-06-21 |
| 1114 | 7.8 | HIGH, Local | langflow | langflow | A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to … | CWE-74 Injection, CWE-94 Code Injection | CVE-2026-12822 | 2026-06-26 22:35 | 2026-06-22 |
| 1115 | 7.5 | HIGH, Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacin… | CWE-416 Use After Free, CWE-825 Expired Pointer Dereference | CVE-2026-57435 | 2026-06-26 22:32 | 2026-06-26 |
| 1116 | 7.5 | HIGH, Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper … | CWE-476 NULL Pointer Dereference | CVE-2026-57434 | 2026-06-26 22:32 | 2026-06-26 |
| 1117 | 8.2 | HIGH, Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a n… | CWE-416 Use After Free | CVE-2026-57236 | 2026-06-26 22:32 | 2026-06-26 |
| 1118 | 8.2 | HIGH, Network | nokogiri | nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's… | CWE-125 Out-of-bounds Read, CWE-190 Integer Overflow or Wraparound | CVE-2026-57235 | 2026-06-26 22:32 | 2026-06-26 |
| 1119 | 8.1 | HIGH, Network | apache | doris_mcp_server | Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without p… | CWE-89 SQL Injection | CVE-2025-66336 | 2026-06-26 22:28 | 2026-06-22 |
| 1120 | 9.8 | CRITICAL, Network | jetbrains | hub | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was p… | CWE-306 Missing Authentication for Critical Function | CVE-2026-50242 | 2026-06-26 22:20 | 2026-06-19 |