|
1151
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4503
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1152
|
5.3 |
MEDIUM
Adjacent
|
-
|
-
|
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
|
CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
|
CVE-2025-36180
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1153
|
6.2 |
MEDIUM
Local
|
-
|
-
|
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
|
CWE-256
Plaintext Storage of a Password
|
CVE-2025-36335
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1154
|
6.4 |
MEDIUM
Network
|
-
|
-
|
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to ru…
|
CWE-284
Improper Access Control
|
CVE-2026-2311
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1155
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../)…
|
CWE-22
Path Traversal
|
CVE-2026-3345
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1156
|
8.8 |
HIGH
Network
|
-
|
-
|
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment varia…
|
CWE-94
Code Injection
|
CVE-2026-6543
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1157
|
7.8 |
HIGH
Local
|
-
|
-
|
SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-5403
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1158
|
4.7 |
MEDIUM
Local
|
-
|
-
|
K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-5404
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1159
|
7.0 |
HIGH
Local
|
-
|
-
|
Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
|
CWE-22
Path Traversal
|
CVE-2026-5656
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1160
|
3.5 |
LOW
Network
|
-
|
-
|
A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument p…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-7501
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
