Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-24303 | CRITICAL | 9.6 | Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | Apr 23, 2026 |
| CVE-2026-6942 | CRITICAL | 9.8 | radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through … | Apr 23, 2026 |
| CVE-2026-6941 | MEDIUM | 6.6 | radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured … | Apr 23, 2026 |
| CVE-2026-6940 | HIGH | 7.1 | radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths … | Apr 23, 2026 |
| CVE-2026-6376 | UNKNOWN | — | A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no … | Apr 23, 2026 |
| CVE-2026-6375 | UNKNOWN | — | A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable … | Apr 23, 2026 |
| CVE-2026-28525 | MEDIUM | 6.8 | SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending … | Apr 23, 2026 |
| CVE-2026-41279 | HIGH | 7.5 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) … | Apr 23, 2026 |
| CVE-2026-41278 | HIGH | 7.5 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the … | Apr 23, 2026 |
| CVE-2026-41277 | HIGH | 8.8 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the … | Apr 23, 2026 |
| CVE-2026-41276 | CRITICAL | 9.8 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to … | Apr 23, 2026 |
| CVE-2026-41275 | HIGH | 7.5 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com … | Apr 23, 2026 |
| CVE-2026-41273 | HIGH | 8.2 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability … | Apr 23, 2026 |
| CVE-2026-41272 | HIGH | 7.1 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and … | Apr 23, 2026 |
| CVE-2026-41271 | HIGH | 8.3 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability … | Apr 23, 2026 |
| CVE-2026-41270 | HIGH | 7.1 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection … | Apr 23, 2026 |
| CVE-2026-41269 | HIGH | 7.1 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings … | Apr 23, 2026 |
| CVE-2026-41268 | CRITICAL | 9.8 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical … | Apr 23, 2026 |
| CVE-2026-41267 | HIGH | 8.1 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) … | Apr 23, 2026 |
| CVE-2026-41266 | HIGH | 7.5 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including … | Apr 23, 2026 |
| CVE-2026-41265 | CRITICAL | 9.8 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the … | Apr 23, 2026 |
| CVE-2026-41264 | CRITICAL | 9.8 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the … | Apr 23, 2026 |
| CVE-2026-41138 | HIGH | 8.8 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution … | Apr 23, 2026 |
| CVE-2026-41137 | HIGH | 8.8 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom … | Apr 23, 2026 |
| CVE-2026-25874 | UNKNOWN | — | LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels … | Apr 23, 2026 |