38498 matches found
CVE-2026-6636
A concrete vulnerability exists in the p2r3 convert API component, specifically in Bun.serve within buildCache.js. The issue is a path traversal caused by manipulation of the pathname argument, which can be triggered remotely. Public exploit information is noted. The product uses rolling releases...
CVE-2026-6636
A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack...
CVE-2026-6632
A vulnerability was identified in Tenda F451 1.0.0.7cnsvn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. Remote exploitation of the attack is...
CVE-2026-6632 Tenda F451 httpd SafeClientFilter fromSafeClientFilter buffer overflow
A vulnerability was identified in Tenda F451 1.0.0.7cnsvn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. Remote exploitation of the attack is...
CVE-2026-6632
CVE-2026-6632 concerns Tenda F451 v1.0.0.7_cn_svn7958, specifically the httpd component’s /goform/SafeClientFilter, where the fromSafeClientFilter function mis-handles an argument (manufacturer/Go), causing a buffer overflow. All connected sources consistently report remote exploitation is possib...
CVE-2026-6631 Tenda F451 httpd webExcptypemanFilter fromwebExcptypemanFilter buffer overflow
A vulnerability was determined in Tenda F451 1.0.0.7cnsvn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The...
CVE-2026-6628
A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...
CVE-2026-6629
A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has...
CVE-2026-6629
The CVE concerns Metasoft MetaCRM (up to v6.4.0) in the Interface component, specifically the file sql.jsp and its Statement.executeUpdate function. The vulnerability is a SQL injection caused by manipulation of the sql argument, enabling remote exploitation. Public exploit disclosure is noted, a...
RHSA-2026:8868 Red Hat Security Advisory: nghttp2 security update
Bulletin has no description...
EUVD-2026-23764
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...
CVE-2026-6608
A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the installmcpconfig function in the Model Context Protocol Configuration API when processing the X-Forwarded-For argument. An...
CVE-2026-6600
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...
Credential Exposure
Overview Affected versions of this package are vulnerable to Credential Exposure in the removeapikeys and hasapiterms functions of the Flow Using API component. An attacker can access sensitive credential information by exploiting unprotected storage mechanisms remotely. Remediation Upgrade...
CVE-2026-6600 langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...
firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Text component...
firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Audio/Video component...
firefox: thunderbird: Incorrect boundary conditions in the Graphics component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics component...
firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Audio/Video: GMP component...