Lucene search
K

450 matches found

EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43599

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS5.9AI score0.00353EPSS
Exploits0References8
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-15622 poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS0.00353EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-15494 AMTT Hotel Broadband Operation System switch_status.php sql injection

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switchstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and...

5.8CVSS0.00202EPSS
Exploits0References5
Snyk
Snyk
added 6 days ago5 views

Incorrect Authorization

Overview FlaskBB is an A classic Forum Software in Python using Flask. Affected versions of this package are vulnerable to Incorrect Authorization via manipulation of the topicid parameter in batch requests. An attacker can perform unauthorized actions such as locking, unlocking, deleting, or...

8.1CVSS6.1AI score0.00284EPSS
Exploits0References2
CVE
CVE
added 6 days ago9 views

CVE-2026-22659

FlaskBB up to version 2.2.0 is vulnerable to an authorization bypass. The issue arises when an attacker manipulates a batch request with crafted topic ID lists, causing a low-ID topic from a permitted forum to be used as an anchor and bypass the permission check applied only to the first result. ...

8.1CVSS6.2AI score0.00284EPSS
Exploits0References3
OSV
OSV
added 6 days ago3 views

CVE-2026-22659 FlaskBB Authorization Bypass via Topic ID Manipulation

FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they do not control by submitting crafted topic ID lists. Attackers can include a low-ID topic from a permitted...

7.2CVSS6.2AI score0.00284EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 11:16 p.m.10 views

CVE-2026-14775

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...

6.5CVSS0.00214EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 10:45 p.m.17 views

CVE-2026-14775

The CVE concerns SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function in the file /process_lesson.php where manipulation of the argument user_id leads to unrestricted upload. The attack can be launched remotely, and an exploit is publicly available. T...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 11:30 a.m.8 views

CVE-2026-14745

A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-listrent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to t...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/07/05 9:16 a.m.8 views

CVE-2026-14732

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This vulnerability affects unknown code of the file /editexam.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...

7.5CVSS0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.11 views

PT-2026-55832

Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An issue exists in the /process lesson.php file where manipulation of the user id variable allows for unrestricted file upload. This flaw can be exploited...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/07/04 8:15 a.m.10 views

CVE-2026-14621

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS5.1AI score0.00299EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.12 views

PT-2026-55733

Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An issue exists in the /admin/mensproductdeletequery.php file where improper handling of the user id variable allows for SQL injection. This allows a remote attacker t...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References9
CVE
CVE
added 2026/07/03 8:0 p.m.14 views

CVE-2026-14608

SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 is affected. The vulnerability resides in the POST Handler’s /index.php?action=view_student where manipulating the ID argument bypasses authorization. Remote exploitation is possible, and the exploit has been publicly di...

5.3CVSS5.6AI score0.00223EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 8:0 p.m.10 views

EUVD-2026-41565

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=viewstudent of the component POST Handler. The manipulation of the argument ID leads to authorization...

5.3CVSS5.6AI score0.00223EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 8:15 a.m.7 views

EUVD-2026-40055

A weakness has been identified in itsourcecode Baptism Information Management System 1.0. The impacted element is an unknown function of the file /delbaptism.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been mad...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:30 a.m.9 views

CVE-2026-13535

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/28 9:30 p.m.3 views

CVE-2026-13507 volcengine OpenViking Local VectorDB Primary-key Label str_to_uint64.py str_to_uint64 data authenticity

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

2.3CVSS5.5AI score0.00138EPSS
Exploits0References9
CVE
CVE
added 2026/06/28 11:15 a.m.16 views

CVE-2026-13491

The CVE-2026-13491 entry concerns 78 xiaozhi-esp32 (up to version 2.2.6) and identifies a vulnerability in the MQTT Goodbye Handler. The issue lies in Application::GetInstance within main/protocols/mqtt_protocol.cc, where manipulating the session_id argument can trigger a denial of service. The a...

6.3CVSS5AI score0.00411EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/28 11:15 a.m.31 views

CVE-2026-13491 78 xiaozhi-esp32 MQTT Goodbye mqtt_protocol.cc GetInstance denial of service

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...

6.3CVSS0.00411EPSS
Exploits0References8
Rows per page
Query Builder