|
461
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When…
New
|
CWE-89
CWE-94
SQL Injection
Code Injection
|
CVE-2026-25879
|
2026-06-3 02:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
462
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the co…
New
|
CWE-400
CWE-1333
Uncontrolled Resource Consumption
Inefficient Regular Expression Complexity
|
CVE-2026-10291
|
2026-06-3 02:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
463
|
7.4 |
HIGH
Network
|
-
|
-
|
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that use…
New
|
-
|
CVE-2022-4991
|
2026-06-3 02:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
464
|
5.4 |
MEDIUM
Network
|
-
|
-
|
NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization co…
New
|
CWE-302
CWE-346
CWE-352
Authentication Bypass by Assumed-Immutable Data
Origin Validation Error
Origin Validation Error
|
CVE-2026-34460
|
2026-06-3 02:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
465
|
2.7 |
LOW
Network
|
-
|
-
|
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling…
New
|
CWE-20
CWE-178
Improper Input Validation
Improper Handling of Case Sensitivity
|
CVE-2026-44367
|
2026-06-3 02:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
466
|
- |
|
-
|
-
|
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in versio…
New
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2026-45080
|
2026-06-3 02:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
467
|
7.5 |
HIGH
Network
|
-
|
-
|
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI …
New
|
CWE-200
Information Exposure
|
CVE-2026-45553
|
2026-06-3 02:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
468
|
5.3 |
MEDIUM
Network
|
-
|
-
|
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rathe…
New
|
CWE-248
CWE-770
Uncaught Exception
Allocation of Resources Without Limits or Throttling
|
CVE-2026-45554
|
2026-06-3 02:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
469
|
- |
|
-
|
-
|
The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled S…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-10047
|
2026-06-3 02:14 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
470
|
- |
|
-
|
-
|
Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler comput…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-10046
|
2026-06-3 02:14 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
