Export limit exceeded: 362636 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362636 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362636 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362636 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9836 | 1 Ibm | 1 Infosphere Information Server | 2026-06-30 | 3.5 Low |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. | ||||
| CVE-2026-7663 | 1 Ibm | 1 Langflow Oss | 2026-06-30 | 9.1 Critical |
| IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint. | ||||
| CVE-2026-43722 | 1 Apple | 2 Ios And Ipados, Macos | 2026-06-30 | 5.5 Medium |
| The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to leak sensitive kernel state. | ||||
| CVE-2026-43707 | 1 Apple | 3 Ios And Ipados, Macos, Safari | 2026-06-30 | 6.5 Medium |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-10109 | 1 Ibm | 1 Db2 | 2026-06-30 | 9.8 Critical |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. | ||||
| CVE-2026-10129 | 1 Ibm | 1 Langflow Oss | 2026-06-30 | 8.5 High |
| IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the follow_redirects parameter and supplying a public URL that redirects to internal/localhost addresses. The vulnerability exists because the application validates only the initial URL but does not re-validate redirect destinations. This allows attackers to access internal HTTP services, localhost endpoints, cloud metadata services, and private network resources that should be unreachable when SSRF protection is enabled. Successful exploitation can lead to disclosure of sensitive information including credentials, tokens, internal API responses, and administrative panel data. | ||||
| CVE-2026-56876 | 1 Max-mapper | 1 Extract-zip | 2026-06-30 | 8.1 High |
| extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files. | ||||
| CVE-2026-10134 | 1 Ibm | 1 Langflow Oss | 2026-06-30 | 10 Critical |
| IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build. | ||||
| CVE-2026-7803 | 1 Ibm | 1 Langflow Oss | 2026-06-30 | 9.8 Critical |
| IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields. | ||||
| CVE-2026-10560 | 1 Ibm | 1 Langflow Oss | 2026-06-30 | 8.2 High |
| IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service. | ||||
| CVE-2026-11546 | 1 Ibm | 1 Websphere Application Server Liberty | 2026-06-30 | 7.1 High |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. | ||||
| CVE-2026-13316 | 2 Red Hat, Redhat | 2 Red Hat Satellite 6, Satellite | 2026-06-30 | 4.4 Medium |
| A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component. | ||||
| CVE-2026-14209 | 1 Redhat | 4 Build Keycloak, Build Of Keycloak, Jboss Enterprise Application Platform Expansion Pack and 1 more | 2026-06-30 | 4.3 Medium |
| A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users (but not view their full details) can use a specific "brute-force-user" endpoint to access a user's full profile. This includes sensitive information and security metadata. The issue occurs because the system fails to check if the administrator has the required "view" permission for that specific user when using this particular search path. | ||||
| CVE-2026-11714 | 1 Ibm | 1 Websphere Application Server Liberty | 2026-06-30 | 8.5 High |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled. | ||||
| CVE-2026-11906 | 1 Ibm | 1 Db2 | 2026-06-30 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns. | ||||
| CVE-2026-7874 | 1 Ibm | 1 Langflow Oss | 2026-06-30 | 9.1 Critical |
| IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest. | ||||
| CVE-2026-13773 | 1 Ibm | 1 Websphere Extreme Scale | 2026-06-30 | 6 Medium |
| IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound IIOP SSRF to an attacker-chosen host; when chained with the IBM ORB's getUserException class-instantiation flaw (WAS-26), this SSRF escalates to remote code execution on the calling JVM. | ||||
| CVE-2026-13449 | 1 Ibm | 1 Business Automation Manager Open Editions | 2026-06-30 | 7.6 High |
| IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2026-54350 | 1 Budibase | 1 Budibase | 2026-06-30 | 10 Critical |
| Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write query, modifies every document of that collection with one HTTP request. enrichContext at packages/server/src/sdk/workspace/queries/queries.ts:121-138 substitutes parameter values into the raw JSON body of a query, then JSON.parses the result. The validator validateQueryInputs at packages/server/src/api/controllers/query/index.ts:61-71 rejects only Handlebars markers ({{, }}) in user input and does not escape JSON metacharacters (", \, }). A parameter value containing a closing quote and additional keys lifts attacker-controlled fields into the parsed filter object. For Mongo find, the parsed filter passes directly to collection.find() (packages/server/src/integrations/mongodb.ts:506-510). Duplicate-key JSON parsing overrides the builder's {name: "..."} with {name: {$exists: true}} and returns every document. The same primitive against an updateMany query (mongodb.ts:577-585) widens the filter scope to the full collection while the builder-controlled $set body runs against every matched document. The authorized middleware at packages/server/src/middleware/authorized.ts:141-148 short-circuits when the query's role is PUBLIC. CSRF is not enforced on this path. POST /api/v2/queries/:queryId (packages/server/src/api/routes/query.ts:63) accepts the call with no session, only an x-budibase-app-id header that is public from the published-app URL. This vulnerability is fixed in 3.39.12. | ||||
| CVE-2026-3602 | 1 Ibm | 2 App Connect Enterprise, Integration Bus For Zos | 2026-06-30 | 4.7 Medium |
| IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of. | ||||