
// Vulnerabilities & CVEs
Intel Feed

cyberintel.kalymoon.com  ·  10683 articles  ·  updated every 4 hours · grows forever

10683 Total · 4264 Full Text · Latest: Jul 03, 2026
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56276 | Flowise up to 3.1.1 /api/v1/user credential dynamically-determined object attributes (GHSA-59fh-9f3p-7m39 / EUVD-2026-38119)

A vulnerability was found in Flowise up to 3.1.1. It has been classified as problematic. This affects an unknown function of the file /api/v1/user. The manipulation of the argument credential leads…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56294 | capacitor-native-biometric up to 12.128.1 onAuthenticationSucceeded improper authentication (GHSA-vx5f-vmr6-32wf / EUVD-2026-38121)

A vulnerability was found in capacitor-native-biometric up to 12.128.1. It has been declared as critical. This impacts the function onAuthenticationSucceeded. The manipulation results in improper a…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56218 | Capgo up to 12.128.1 information disclosure (GHSA-c5w9-886p-9j2x / EUVD-2026-38114)

A vulnerability was found in Capgo up to 12.128.1. It has been rated as problematic. Affected is an unknown function. This manipulation causes information disclosure. This vulnerability is tracked a…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56317 | Nuxt up to 3.21.6/4.4.6 cross site scripting (GHSA-m3q2-p4fw-w38m / EUVD-2026-38112)

A vulnerability categorized as problematic has been discovered in Nuxt up to 3.21.6/4.4.6. Affected by this vulnerability is an unknown functionality. Such manipulation leads to cross site scripting.…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56227 | Capgo up to 12.128.1 Outbound Requests server-side request forgery (GHSA-48hc-53hv-6x3f / EUVD-2026-38115)

A vulnerability identified as critical has been detected in Capgo up to 12.128.1. Affected by this issue is some unknown functionality of the component Outbound Requests Handler. Performing a manipu…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2025-71331 | Flowise up to 3.0.7 Chat Message cross site scripting (GHSA-4fr9-3x69-36wv / EUVD-2025-210289)

A vulnerability labeled as problematic has been found in Flowise up to 3.0.7. This affects an unknown part of the component Chat Message Handler. Executing a manipulation can lead to basic cross sit…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56304 | picklescan up to 1.0.0 logging.FileHandler deserialization (GHSA-m7j5-r2p5-c39r / EUVD-2026-38123)

A vulnerability marked as critical has been reported in picklescan up to 1.0.0. This vulnerability affects the function logging.FileHandler. The manipulation leads to deserialization. This vulnerabi…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56332 | Capgo up to 12.128.1 confirm-signup Endpoint confirmation_url redirect (GHSA-24q8-ghqq-m8cj / EUVD-2026-38127)

A vulnerability described as problematic has been identified in Capgo up to 12.128.1. This issue affects some unknown processing of the component confirm-signup Endpoint. The manipulation of the arg…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56319 | Capgo up to 12.128.1 Error Response /statistics/app information exposure (GHSA-73p9-mprg-7r75 / EUVD-2026-38125)

A vulnerability classified as problematic has been found in Capgo up to 12.128.1. Impacted is an unknown function of the file /statistics/app of the component Error Response Handler. This manipulati…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56330 | Capgo up to 12.128.1 callbackUrl/successUrl/cancelUrl redirect (GHSA-grc7-98pf-h8hq / EUVD-2026-38126)

A vulnerability classified as problematic was found in Capgo up to 12.128.1. The affected element is an unknown function. Such manipulation of the argument callbackUrl/successUrl/cancelUrl leads to o…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56307 | Cap-go capgo up to 12.128.11 /private/devices control flow (GHSA-8p6w-x7jg-v4xq / EUVD-2026-38124)

A vulnerability, which was classified as problematic, has been found in Cap-go capgo up to 12.128.11. The impacted element is an unknown function of the file /private/devices. Performing a manipula…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-12795 | BerriAI litellm up to 1.82.2 SSO Debug Flow ui_sso.py json.dumps missing authentication

A vulnerability, which was classified as critical, was found in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the com…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-12796 | BerriAI litellm up to 1.82.2 SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

A vulnerability has been found in BerriAI litellm up to 1.82.2 and classified as critical. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/u…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-12797 | BerriAI litellm up to 1.82.5 Completions Interface banned_keywords.py async_pre_call_hook prompt authorization

A vulnerability was found in BerriAI litellm up to 1.82.5 and classified as critical. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the co…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-12798 | BerriAI litellm up to 1.82.2 MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async spec_path server-side request forgery

A vulnerability was found in BerriAI litellm up to 1.82.2. It has been classified as critical. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_exper…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-12799 | BerriAI litellm up to 1.82.2 Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

A vulnerability was found in BerriAI litellm up to 1.82.2. It has been declared as problematic. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/in…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-5366 | prefecthq prefect up to 3.6.23 commit_sha code injection

A vulnerability was found in prefecthq prefect up to 3.6.23. It has been rated as critical. This affects an unknown part. Performing a manipulation of the argument commit_sha results in code injecti…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56345 | AVideo Meet Plugin up to 29.0 File uploadRecordedVideo.json.php Login improper authentication (GHSA-qxvm-r42f-5p8j)

A vulnerability categorized as critical has been discovered in AVideo Meet Plugin up to 29.0. This vulnerability affects unknown code of the file uploadRecordedVideo.json.php of the component File Ha…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56346 | AVideo up to 25.0 decryptMessage.json.php missing authentication (GHSA-5x2w-37xf-7962)

A vulnerability identified as critical has been detected in AVideo up to 25.0. This issue affects some unknown processing of the file decryptMessage.json.php. The manipulation leads to missing authe…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2025-71379 | vLLM up to 0.8.x OpenAI-compatible Serving Chat Endpoint vllm/lora/utils.py redos (GHSA-j828-28rj-hfhp)

A vulnerability labeled as problematic has been found in vLLM up to 0.8.x. Impacted is an unknown function of the file vllm/lora/utils.py of the component OpenAI-compatible Serving Chat Endpoint. Th…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56341 | AVideo up to 26.0 API Response list.json.php authorization (GHSA-wprj-9cvc-5w37)

A vulnerability marked as problematic has been reported in AVideo up to 26.0. The affected element is an unknown function of the file list.json.php of the component API Response Handler. This manipu…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56347 | WWBN AVideo up to 26.0 Session Cookie cross site scripting (GHSA-gmpc-fxg2-vcmq)

A vulnerability described as problematic has been identified in WWBN AVideo up to 26.0. The impacted element is an unknown function of the component Session Cookie Handler. Such manipulation leads t…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56342 | AVideo up to 27.0 Network Configuration plugin/Live/test.php isSSRFSafeURL statsURL server-side request forgery (GHSA-wxjx-r2j2-96fx)

A vulnerability classified as critical has been found in AVideo up to 27.0. This affects the function isSSRFSafeURL of the file plugin/Live/test.php of the component Network Configuration Handler. P…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 20, 2026
CVE-2026-56340 | vLLM up to 0.12.x prompt-embeds Feature out-of-bounds (GHSA-mcmc-2m55-j8jj)

A vulnerability classified as critical was found in vLLM up to 0.12.x. This impacts an unknown function of the component prompt-embeds Feature. Executing a manipulation can lead to out-of-bounds rea…

VulDB Read →