Recent
Account Takeover via Predictable SSO Ticket Generation
Published 2026-06-23 by Zohocorp
Authenticated unintended access to critical program parameters
Published 2026-06-23 by CERTVDE
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter
Published 2026-06-23 by CPANSec
Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download
Published 2026-06-23 by WPScan
Frontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename
Published 2026-06-23 by WPScan
Simple Basic Contact Form <= 20250114 - Reflected XSS
Published 2026-06-23 by WPScan
Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter
Published 2026-06-23 by WPScan
Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter
Published 2026-06-23 by WPScan
Published 2026-06-23 by snyk
OpenSSH: heap out-of-bounds read in Red Hat Enterprise Linux versions of OpenSSH GSSAPI indicator cleanup due to missing null sentinel termination
Published 2026-06-23 by redhat
OpenSSH: local MITM of X11 forwarding via abstract Unix socket pre-binding in Red Hat Enterprise Linux OpenSSH client versions
Published 2026-06-23 by redhat
OpenSSH: double free in Red Hat Enterprise Linux versions of OpenSSH DH-GEX client path during FIPS known-group validation leads to client-side denial of service
Published 2026-06-23 by redhat
Published 2026-06-23 by YokogawaGroup
Bluetooth Host ISO RX Missing SDU Header Length Validation in bt_iso_recv() Leads to DoS
Published 2026-06-22 by zephyr
Bluetooth Classic SDP parser truncation bug in bt_sdp_parse_attribute() leads to reachable assertion and possible out-of-bounds read
Published 2026-06-22 by zephyr
fs: ext2: Missing structural validation of directory entries can cause out-of-bounds read and zero-progress directory traversal
Published 2026-06-22 by zephyr
vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors
Published 2026-06-22 by GitHub_M
vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution
Published 2026-06-22 by GitHub_M
vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile
Published 2026-06-22 by GitHub_M
vLLM: OOM Denial of Service via Audio Decompression Bomb
Published 2026-06-22 by GitHub_M
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router
Published 2026-06-22 by GitHub_M
vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels
Published 2026-06-22 by GitHub_M
vLLM: OpenAI auth bypass
Published 2026-06-22 by GitHub_M
vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow
Published 2026-06-22 by GitHub_M
Filament: Disabled RichEditor field state can be used for XSS
Published 2026-06-22 by GitHub_M
Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields
Published 2026-06-22 by GitHub_M
Filament: Unvalidated ImageColumn and ImageEntry values can be used for XSS
Published 2026-06-22 by GitHub_M
Filament: Unauthenticated temporary file upload on auth pages
Published 2026-06-22 by GitHub_M
Filament: Timing-based user enumeration on login page
Published 2026-06-22 by GitHub_M
Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission
Published 2026-06-22 by GitHub_M
WebOb: Location header normalization during redirect leads to open redirect
Published 2026-06-22 by GitHub_M
MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input
Published 2026-06-22 by GitHub_M
MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows
Published 2026-06-22 by GitHub_M
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth
Published 2026-06-22 by GitHub_M
MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies
Published 2026-06-22 by GitHub_M
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths
Published 2026-06-22 by GitHub_M
MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps
Published 2026-06-22 by GitHub_M
MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement
Published 2026-06-22 by GitHub_M
MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement
Published 2026-06-22 by GitHub_M
MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length
Published 2026-06-22 by GitHub_M
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
Published 2026-06-22 by GitHub_M
MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings
Published 2026-06-22 by GitHub_M
Nuxt - Cross-Site Scripting via navigateTo open Option
Published 2026-06-22 by VulnCheck
Nuxt - Open Redirect via Protocol-Relative Paths in reloadNuxtApp
Published 2026-06-22 by VulnCheck
n8n - Webhook Forgery via Missing HMAC-SHA256 Signature Verification in GitHub Webhook Trigger
Published 2026-06-22 by VulnCheck
n8n - Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint
Published 2026-06-22 by VulnCheck
Nuxt - Server-Side Open Redirect via Path-Normalization Bypass in navigateTo
Published 2026-06-22 by VulnCheck
Capgo - Rate Limit Bypass via User-Controlled device_id Parameter
Published 2026-06-22 by VulnCheck
Capgo - Unauthenticated Channel Enumeration and App Oracle via GET /channel_self
Published 2026-06-22 by VulnCheck
Capgo - Missing Authentication Middleware on GET /private/role_bindings Endpoint
Published 2026-06-22 by VulnCheck
Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint
Published 2026-06-22 by VulnCheck
Capgo - Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC
Published 2026-06-22 by VulnCheck
Capgo - Subkey Enforcement Bypass via x-limited-key-id Header Parsing
Published 2026-06-22 by VulnCheck
Cap-go - Privilege Inversion in Build Log Stream via SSE Disconnect
Published 2026-06-22 by VulnCheck
Flowise - Cross-Workspace Information Disclosure via chatflows/apikey Endpoint
Published 2026-06-22 by VulnCheck
Crawl4AI - Server-Side Request Forgery via Direct Crawl Endpoints
Published 2026-06-22 by VulnCheck
Capgo - Denial of Service via Unlimited Demo App Creation
Published 2026-06-22 by VulnCheck
Cap-go - SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts
Published 2026-06-22 by VulnCheck
picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity
Published 2026-06-22 by VulnCheck
picklescan - Arbitrary Code Execution via Undetected ensurepip._run_pip Function
Published 2026-06-22 by VulnCheck
Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget
Published 2026-06-22 by VulnCheck
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments
Published 2026-06-22 by GitHub_M
UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
Published 2026-06-22 by GitHub_M
Fabric.js: Improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization
Published 2026-06-22 by GitHub_M
Nest: Middleware Bypass on Fastify via Trailing Slash
Published 2026-06-22 by GitHub_M
LiteLLM: Authentication Bypass via Host Header Injection
Published 2026-06-22 by GitHub_M
Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type
Published 2026-06-22 by GitHub_M
PhpSpreadsheet: File::prohibitWrappers bypass
Published 2026-06-22 by GitHub_M
pypdf: Possible infinite loop when processing threads/articles in writer
Published 2026-06-22 by GitHub_M
pypdf: Inefficient decoding of FlateDecode PNG predictor streams
Published 2026-06-22 by GitHub_M