CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

346 matches found

webp_server_go 0.4.0 - Path Traversal

webpservergo 0.4.0 contains a path traversal caused by insufficient sanitization in file handling, letting attackers read arbitrary files on the server, exploit requires attacker to send crafted requests. id: CVE-2021-46104 info: name: webpservergo 0.4.0 - Path Traversal author: pikpikcu severity...

7.5CVSS7.3AI score0.19884EPSS

Exploits1References1

EUVD•added 3 days ago•8 views

EUVD-2026-33685

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00042EPSS

Exploits0References8

CNNVD•added 3 days ago•4 views

Banana-slides path traversal vulnerability

banana-slides is an AI-based PPT generation application developed by Anion. Versions of banana-slides 0.4.0 and earlier have a path traversal vulnerability. This vulnerability stems from a path traversal issue in the AI service’s backend function, generateimage. Due to the use of os.path.startswi...

8.7CVSS5.8AI score0.00132EPSS

Exploits0References4

CNNVD•added 3 days ago•2 views

9Router Authorization Vulnerability

9Router is an intelligent routing and authorization AI model proxy tool developed by decolua’s individual developers. Versions of 9Router prior to 0.4.0 contained an authorization vulnerability. This vulnerability stemmed from incorrect handling of the Host parameter in the function isAuthenticat...

6.5CVSS6.6AI score0.00042EPSS

Exploits0References8

CVE•added 2026/05/20 1:35 p.m.•8 views

CVE-2026-47068

The vulnerability is an Authorization Bypass in phoenix_storybook: Elixir.PhoenixStorybook.Story.ComponentIframeLive reads topic from params and broadcasts the iframe process PID on that PubSub topic without verifying session ownership, enabling cross-session topic injection. An attacker can load...

2.3CVSS5.8AI score0.00054EPSS

Exploits0References4

OSV•added 2026/05/14 4:17 p.m.•4 views

GHSA-CRQM-M339-7M2P pyzipper has an encryption bypass for small files encrypted using it

Impact A Python operator precedence bug in pyzipper/zipfileaes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...

6.2CVSS5.8AI score

Exploits0References3

Github Security Blog•added 2026/05/14 4:17 p.m.•5 views

pyzipper has an encryption bypass for small files encrypted using it

5.8AI score

Exploits0References3Affected Software1

RedhatCVE•added 2026/03/28 4:56 a.m.•1 views

CVE-2026-33697

Cocos AI is a confidential computing system for AI. The current implementation of attested TLS aTLS in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP and Intel TDX deployment targets supported by CoCoS...

7.5CVSS6AI score0.00005EPSS

Exploits0References1

OSV•added 2026/03/26 11:34 p.m.•4 views

CVE-2026-33697 CoCoS attested TLS is vulnerable to relay attacks via extracted ephemeral TLS keys

7.5CVSS5.9AI score0.00005EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:3 p.m.•4 views

CVE-2026-30944

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user at least Editor to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to...

8.8CVSS5.8AI score0.00058EPSS

Exploits3References1

RedhatCVE•added 2026/03/26 2:59 p.m.•4 views

CVE-2026-28673

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containing a binary and a manifest.json. The server trusts the binaries field in the manifest and execute...

7.2CVSS5.9AI score0.00514EPSS

Exploits1References1

Positive Technologies•added 2026/03/26 12:0 a.m.•1 views

PT-2026-28509

Name of the Vulnerable Software and Affected Versions Cocos AI versions 0.4.0 through 0.8.2 Description Cocos AI, a confidential computing system for AI, has a weakness in its attested TLS aTLS implementation. This allows for a relay attack where an attacker may be able to extract the ephemeral T...

7.5CVSS6AI score0.00005EPSS

Exploits0References4

CVE•added 2026/03/24 6:55 p.m.•4 views

CVE-2026-33509

Summary of CVE-2026-33509 / GHSA-r7mc-x6x7-cqxx : The pyLoad project exposes a critical vulnerability where a user with non-admin SETTINGS permission can write arbitrary configuration values via set_config_value(), with only a narrow hard-coded exception for storage_folder. The reconnect.script s...

8.8CVSS5.8AI score0.00113EPSS

Exploits1References1Affected Software2

NVD•added 2026/03/18 1:16 a.m.•3 views

CVE-2026-28673

7.2CVSS0.00514EPSS

Exploits1References1

ATTACKERKB•added 2026/03/18 12:41 a.m.•4 views

CVE-2026-28673

7.2CVSS5.9AI score0.00514EPSS

Exploits1References2Affected Software1

CVE•added 2026/03/18 12:41 a.m.•2 views

CVE-2026-28673

xiaoheiFS (self-hosted financial/operational system) versions ≤ 0.3.15 are vulnerable through the standard plugin system. An attacker can upload a ZIP containing a binary and a manifest.json; the server trusts the binaries field in the manifest and executes the specified file without validating i...

7.2CVSS5.9AI score0.00514EPSS

Exploits1References1Affected Software1