Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

47 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 9:30 a.m.3 views

CVE-2023-43803

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

7.1CVSS6.9AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:28 a.m.5 views

CVE-2023-49296

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

6.3CVSS6.8AI score0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:1 a.m.5 views

CVE-2023-43800

Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those ...

7.8CVSS6.9AI score0.00211EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2023-2771

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00326EPSS
Exploits0References6
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2023-53283

Malicious code in bioql PyPI...

6.3CVSS6.5AI score0.0026EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-2683

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00354EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-2649

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00211EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2025/05/23 2:12 a.m.5 views

CVE-2023-43802

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...

7.8CVSS6.9AI score0.00354EPSS
Exploits0References1
NVD
NVDadded 2023/12/13 8:15 p.m.26 views

CVE-2023-49296

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

6.3CVSS0.0026EPSS
Exploits0References2
Prion
Prionadded 2023/12/13 8:15 p.m.15 views

Cross site scripting

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

5.8CVSS7AI score0.0026EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2023/12/13 7:54 p.m.33 views

CVE-2023-49296 Arduino Create Agent vulnerable to Reflected Cross-Site Scripting

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

6.3CVSS6.4AI score0.0026EPSS
Exploits0References2
OSV
OSVadded 2023/12/13 7:54 p.m.16 views

CVE-2023-49296 Arduino Create Agent vulnerable to Reflected Cross-Site Scripting

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

6.3CVSS6.4AI score0.0026EPSS
Exploits0References4
CNNVD
CNNVDadded 2023/12/13 12:0 a.m.2 views

Arduino Cross-Site Scripting Vulnerability

Arduino is a microcontroller board from the Arduino project. A cross-site scripting vulnerability exists in Arduino Create Agent versions prior to 1.3.6, which stems from vulnerability to reflective cross-site scripting attacks that allow an attacker to execute arbitrary code on the browser clien...

6.3CVSS6.8AI score0.0026EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2023/11/08 12:0 a.m.19 views

Debian dla-3649 : python-urllib3 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3649 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3649-1 [email protected] https://www.debian.org/lts/security/...

7.1CVSS6.8AI score0.00326EPSS
Exploits0References4
Veracode
Veracodeadded 2023/10/20 7:39 a.m.21 views

Path Traversal

github.com/arduino/arduino-create-agent is vulnerable to Path Traversal. The vulnerability results from inadequate sanitization of the filename parameter. Exploiting this flaw, an attacker can execute HTTP requests on the localhost interface or bypass CORS configuration. Consequently, they may be...

7.8CVSS7.1AI score0.00354EPSS
Exploits0References4Affected Software1
Veracode
Veracodeadded 2023/10/20 7:1 a.m.20 views

Path Traversal

github.com/arduino/arduino-create-agent is vulnerable to Directory Traversal. When the attacker has access to the localhost interface, they can send a specially crafted HTTP POST request to the /v2/pkgs/tools/installed endpoint, specifying the path of the file or folder that they want to delete...

7.1CVSS6.7AI score0.00326EPSS
Exploits0References7Affected Software1
Veracode
Veracodeadded 2023/10/19 5:53 a.m.16 views

Privilege Escalation

Arduino Create Agent is vulnerable to Privilege Escalation. The vulnerability is due to the improper handling of requests to the endpoint /v2/pkgs/tools/installed. This can be exploited by an attacker via executing a HTTP requests to the localhost interface leading to the elevation of privileges ...

7.8CVSS6.8AI score0.00211EPSS
Exploits0References4Affected Software1
NVD
NVDadded 2023/10/18 10:15 p.m.41 views

CVE-2023-43801

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

7.1CVSS6.4AI score0.00326EPSS
Exploits0References3
NVD
NVDadded 2023/10/18 9:15 p.m.13 views

CVE-2023-43803

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

7.1CVSS6.4AI score0.00326EPSS
Exploits0References4
Prion
Prionadded 2023/10/18 9:15 p.m.17 views

Design/Logic Flaw

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...

4.3CVSS7.6AI score0.00354EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder