Common Vulnerabilities and Exposures (CVE)

CVE-2026-9198

Jul 17, 2026 17:36:11 UTC

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/auto_login (mints SUPERUSER tokens to any network caller) with /api/v1/validate/code (executes user code via exec()) to achieve full RCE on default Lang...

CVE-2026-9202

Jul 17, 2026 17:33:20 UTC

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEW_USER_IS_ACTIVE=true (documented deployment option), newly created accounts are immediately active an...

CVE-2026-13410

Jul 17, 2026 17:32:51 UTC

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSL_verify_mode explicitly disabled. An attacker with network man-in-the-middle (MITM) capability betwe...

CVE-2026-13082

Jul 17, 2026 17:29:23 UTC

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a (by ...

CVE-2026-16017

Jul 17, 2026 17:27:24 UTC

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/tool_cron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be p...

CVE-2026-63098

Jul 17, 2026 17:26:53 UTC

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authent...

CVE-2026-49209

Jul 17, 2026 17:26:18 UTC

Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::__invoke() iterates over the client-supplied actions array and issues a full HttpKernel sub-requ...

CVE-2026-9762

Jul 17, 2026 17:25:53 UTC

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.

CVE-2026-63308

Jul 17, 2026 17:25:42 UTC

Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial of service vulnerability in the Files.Lines template helper in pkg/engine/files.go that allows attackers to trigger an index out of range panic by including zero-length byte sli...

CVE-2026-9537

Jul 17, 2026 17:25:14 UTC

Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison. The decode() method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differi...

CVE-2026-14741

Jul 17, 2026 17:25:13 UTC

HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parse_date. parse_date() matches the date string against a chain of alternative regexes, and str2time() delegates to it. Several of these pa...

CVE-2026-44722

Jul 17, 2026 17:25:08 UTC

pyzipper is a replacement for Python's zipfile that can read and write AES encrypted zip files. Prior to 0.4.0, a Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to never be automatically selected during enc...

CVE-2026-16104

Jul 17, 2026 17:24:34 UTC

A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensi...

CVE-2026-54496

Jul 17, 2026 17:23:50 UTC

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2_gadgets/src/ecc/chip/mul/incompl...

CVE-2025-59866

Jul 17, 2026 17:22:03 UTC

The HCL DFMPro, DFXAnalytics and DFXServer installers are affected by ‘Insecure file permissions Leading to Privilege Escalation’ vulnerability, which enables any logged-in non-administrative user to overwrite or replace the executable file...