CVE Security

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the Fai...

Applications


                                    CVE-2026-40295

Lire l'article

unknown

29/05/2026

Vulnérabilité unknown détectée - CVE-2026-40596

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by...

Web


                                    CVE-2026-40596

Lire l'article

unknown

29/05/2026

Vulnérabilité unknown détectée - CVE-2026-40597

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability...

Applications Web


                                    CVE-2026-40597

Lire l'article

unknown

29/05/2026

Vulnérabilité unknown détectée - CVE-2026-40166

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at...

Applications


                                    CVE-2026-40166

Lire l'article

high 7.1

29/05/2026

Vulnérabilité high détectée - CVE-2026-39968

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution a...

Applications


                                    CVE-2026-39968

Lire l'article

medium 6.5

29/05/2026

Vulnérabilité medium détectée - CVE-2026-39969

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint (POST /v1/workspaces/{workspaceId}/whatsapp/{...

Applications


                                    CVE-2026-39969

Lire l'article

unknown

29/05/2026

Vulnérabilité unknown détectée - CVE-2026-39970

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload ...

Applications Web


                                    CVE-2026-39970

Lire l'article

high 7.8

29/05/2026

Vulnérabilité high détectée - CVE-2026-9255

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, includi...

Applications


                                    CVE-2026-9255

Lire l'article

medium 5.4

29/05/2026

Vulnérabilité medium détectée - CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer (packages/embeds/js) renders anchor tags from rich text bubble cont...

Applications


                                    CVE-2026-39964

Lire l'article

high 7.7

29/05/2026

Vulnérabilité high détectée - CVE-2026-39965

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validat...

Applications


                                    CVE-2026-39965

Lire l'article

medium 6.2

29/05/2026

Vulnérabilité medium détectée - CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass...

Applications


                                    CVE-2026-42627

Lire l'article

high 8.1

29/05/2026

Vulnérabilité high détectée - CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_geta...

Applications


                                    CVE-2026-46727

Lire l'article

15 16 17 18 19