79 matches found
@jsr2npm/yao__gpt-vis-mcp (>=0.0.1 <=0.1.1), @ly_agent/ly-vis-mcp-server (=0.1.14) +3 more potentially affected by unknown CVE via @antv/gpt-vis-ssr (>=0.1.10 <=0.3.7)
@antv/gpt-vis-ssr NPM version =0.1.10, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4021...
CVE-2026-39609
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through = 0.3.7...
EUVD-2026-20244
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through = 0.3.7...
CVE-2026-39609
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through = 0.3.7...
CVE-2026-39609
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through = 0.3.7...
CVE-2026-39609
Summary: CVE-2026-39609 concerns a missing authorization flaw in the WordPress plugin “Wava Payment” (wava-payment), affecting versions up to and including 0.3.7. The root cause is an incorrectly configured access control that allows exploitation of authorization checks. What’s affected: WordPres...
CVE-2026-39609 WordPress Wava Payment plugin <= 0.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through = 0.3.7...
PT-2026-31174
Name of the Vulnerable Software and Affected Versions Wava Payment versions through 0.3.7 Description A missing authorization flaw exists in Wava Payment, potentially allowing exploitation due to incorrectly configured access control security levels. Recommendations Update Wava Payment to a versi...
OESA-2026-1786 audiofile security update
The Audio File Library is a C-based library for reading and writing audio files in many common formats. Security Fixes: In Audio File Library aka audiofile 0.3.6, there exists one NULL pointer dereference bug in ulaw2linearbuf in G711.cpp in libmodules.a that allows an attacker to cause a denial ...
CVE-2026-4173
A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...
CVE-2026-4586
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a...
EUVD-2026-14423
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a...
CVE-2026-4586 CodePhiliaX Chat2DB JDBC Driver Upload JdbcDriverController.java upload unrestricted upload
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a...
CodePhiliaX Chat2DB 代码问题漏洞
CodePhiliaX Chat2DB is an open-source AI-driven SQL client developed by CodePhiliaX. Versions of CodePhiliaX Chat2DB 0.3.7 and earlier contain code-related vulnerabilities. These vulnerabilities stem from the unlimited uploading feature of the JDBC Driver Upload component...
CodePhiliaX Chat2DB SQL注入漏洞
CodePhiliaX Chat2DB is an open-source AI-driven SQL client developed by CodePhiliaX. Versions of CodePhiliaX Chat2DB 0.3.7 and earlier contain a SQL injection vulnerability. This vulnerability arises from improper handling of parameters in the functions exportTable, exportTableColumnComment,...
PT-2026-25546
A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...
CVE-2026-1664
Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...
CVE-2026-1664
Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...
CVE-2026-1664
Summary: CVE-2026-1664 affects Cloudflare Agents SDK prior to 0.3.7, due to an IDOR in header-based email routing. Root cause: createHeaderBasedEmailResolver() parses Message-ID and References to derive target agentName/agentId without cryptographic/origin verification, letting external headers s...
CVE-2026-1664 Insecure Direct Object Reference (IDOR) via Header-Based Email Routing
Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...