CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 3 days ago•5 views

EUVD-2026-33534

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

5.5CVSS5.7AI score0.00048EPSS

Vulnrichment•added 3 days ago•6 views

CVE-2026-10213 AstrBotDevs AstrBot API Endpoint delete path traversal

5.5CVSS5.5AI score0.00048EPSS

Cvelist•added 3 days ago•39 views

CVE-2026-10213 AstrBotDevs AstrBot API Endpoint delete path traversal

5.5CVSS0.00048EPSS

CVE•added 3 days ago•15 views

CVE-2026-10213

AstrBotDevs AstrBot 4.23.6 contains a path traversal flaw in the API endpoint /api/skills/delete. Manipulating the Name argument reportedly allows traversal of the filesystem. The issue is exploitable remotely, and an exploit has been released publicly. Vendor response is noted as none. The descr...

5.5CVSS5.7AI score0.00048EPSS

CNNVD•added 3 days ago•3 views

SOPlanning Cross-Site Request Forgery Vulnerability

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had a cross-site request forgeing vulnerability. This vulnerability stemmed from the susceptibility of the create, modify, and delete endpoints of groupesave to...

8.8CVSS5.7AI score0.00067EPSS

Positive Technologies•added 3 days ago•6 views

PT-2026-45245

5.5CVSS5.7AI score0.00048EPSS

Exploits0References6

Vulnrichment•added 4 days ago•4 views

CVE-2026-10184 SourceCodester Hospitals Patient Records Management System Users.php delete sql injection

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been...

7.5CVSS5.7AI score0.00033EPSS

Exploits0References6

NVD•added 6 days ago•8 views

CVE-2026-44650

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, POST /api/extensions/delete endpoint accepts extensionName: "." which bypasses sanitize-filename...

9.1CVSS0.0008EPSS

Cvelist•added 6 days ago•25 views

CVE-2026-44650 SillyTavern: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

9.1CVSS0.0008EPSS

Vulnrichment•added 6 days ago•6 views

CVE-2026-44650 SillyTavern: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

9.1CVSS5.8AI score0.0008EPSS

CVE•added 6 days ago•6 views

CVE-2026-44650

CVE-2026-44650 affects SillyTavern (local UI for LLMs) where the POST /api/extensions/delete endpoint accepts extensionName: "." and bypasses sanitize-filename validation. This causes path traversal that deletes the entire user extensions directory (and potentially the global extensions dir) with...

9.1CVSS5.8AI score0.0008EPSS

CNNVD•added 6 days ago•4 views

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/extensions/delete endpoint accepting an extensionName parameter. This allowed bypassing...

9.1CVSS5.8AI score0.0008EPSS

ATTACKERKB•added 2026/05/27 3:44 p.m.•3 views

CVE-2026-44324

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does n...

6.5CVSS6AI score0.00067EPSS

Exploits1References5Affected Software1

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-43996

A Cross-Site Request Forgery CSRF vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0...

5.8AI score0.00015EPSS

Cvelist•added 2026/05/27 12:0 a.m.•30 views

CVE-2026-30498

A Cross-Site Request Forgery CSRF vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0...

0.00015EPSS

ATTACKERKB•added 2026/05/27 12:0 a.m.•3 views

CVE-2026-30498

A Cross-Site Request Forgery CSRF vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0...

5.8AI score0.00015EPSS

CVE•added 2026/05/27 12:0 a.m.•3 views

CVE-2026-30498

A CSRF vulnerability (CVE-2026-30498) affects Jason2605 AdminPanel 4.0, located in the delete.php endpoint. The issue is described across multiple sources as CSRF; no explicit exploit details, mitigations, or patch information are provided in the connected documents. CVSS v3.1 metrics indicate a ...

6.3CVSS5.8AI score0.00015EPSS

EUVD•added 2026/05/22 12:31 a.m.•5 views

EUVD-2026-31373

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...

2.3CVSS5.8AI score0.00019EPSS