A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature....
A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing fea...
A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client c...
vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability
picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Att...
Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions and session tokens after a user changes their pas...
Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the acc...
Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assist...
Tapo C260 RCE Chain CVE-2026-0651 / CVE-2026-0652 / CVE-2026-0653 Proof-of-concept exploit chain for TP-Link Tapo C260 IP camera achieving unauthen...
An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via cr...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.
