|
3011
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
blktrace: fix __this_cpu_read/write in preemptible context
tracing_record_cmdline() internally uses __this_cpu_read() and
__this_…
|
NVD-CWE-noinfo
|
CVE-2026-23374
|
2026-04-25 01:32 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3012
|
9.8 |
CRITICAL
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations …
|
CWE-287
Improper Authentication
|
CVE-2026-41276
|
2026-04-25 01:32 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3013
|
7.5 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitiz…
|
CWE-200
Information Exposure
|
CVE-2026-41278
|
2026-04-25 01:31 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3014
|
7.5 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41279
|
2026-04-25 01:31 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3015
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mm: thp: deny THP for files on anonymous inodes
file_thp_enabled() incorrectly allows THP for files on anonymous inodes
(e.g. gue…
|
CWE-617
Reachable Assertion
|
CVE-2026-23375
|
2026-04-25 01:31 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3016
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
mm: thp: denegar THP para archivos en inodos anónimos
file_thp_enabled() permite incorrectamente THP para archivos en inodos anó…
|
CWE-617
Reachable Assertion
|
CVE-2026-23375
|
2026-04-25 01:31 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3017
|
5.0 |
MEDIUM
Adjacent
|
-
|
-
|
A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. Th…
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-2756
|
2026-04-25 01:31 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3018
|
5.0 |
MEDIUM
Adjacent
|
-
|
-
|
Una vulnerabilidad de seguridad ha sido detectada en OmniPEMF NeoRhythm hasta el 20260308. Esto afecta una función desconocida del componente Interfaz BLE. Dicha manipulación conduce a la falta de au…
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-2756
|
2026-04-25 01:31 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3019
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-4528
|
2026-04-25 01:31 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3020
|
7.3 |
HIGH
Network
|
-
|
-
|
Se determinó una vulnerabilidad en trueleaf ApiFlow 0.9.7. El elemento afectado es la función validateUrlSecurity del archivo packages/server/src/service/proxy/http_proxy.service.ts del componente Ge…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-4528
|
2026-04-25 01:31 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
