Lucene search
K

639 matches found

Snyk
Snyk
added 2026/04/30 6:30 p.m.10 views

Directory Traversal

Overview com.shopizer:shopizer is an open source e-commerce software. Affected versions of this package are vulnerable to Directory Traversal through the /api/v1/private/content/images/add endpoint when processing crafted POST requests while configured with the httpd local filesystem storage...

10CVSS6.3AI score0.00412EPSS
Exploits0References2
Fedora
Fedora
added 2026/04/25 1:52 a.m.7 views

[SECURITY] Fedora 44 Update: rust-sccache-0.14.0-2.fc44

Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...

6.5CVSS5.4AI score0.00379EPSS
Exploits1
OSV
OSV
added 2026/04/22 10:22 p.m.10 views

GHSA-FFQ5-QPVF-XQ7X OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

4.6CVSS6.1AI score0.002EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-36880

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions prior to 7.0.0 Description The Command Sender UI uses an unsafe eval function on array-like command parameters. This allows a user-supplied payload to execute in the browser when sending a command, creating a self-XSS...

4.6CVSS6.1AI score0.002EPSS
Exploits1References8
RubySec
RubySec
added 2026/04/22 12:0 a.m.8 views

OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

4.6CVSS5.9AI score0.002EPSS
Exploits1References1Affected Software1
GithubExploit
GithubExploit
added 2026/04/18 11:6 a.m.173 views

Exploit for Incorrect Resource Transfer Between Spheres in Openclaw

CVE-2026-25253: One-Click RCE in OpenClaw via Auth Token Theft...

8.8CVSS5.9AI score0.08016EPSS
Exploits5
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.4 views

DSpace 5.x / 6.x Full Repository Extractor

This Python script is an automated extraction tool targeting a DSpace-based repository. It leverages an open Solr search query to enumerate repository item handles, then audits each item to discover and download associated bitstream files typically PDFs. The script also attempts sequence-based...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/05 12:55 a.m.7 views

[SECURITY] Fedora 43 Update: rust-sccache-0.14.0-2.fc43

Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...

6.5CVSS7.1AI score0.00379EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/03/24 12:49 p.m.4 views

CVE-2026-33309 Langflow has an Arbitrary File Write (RCE) via v2 API

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

9.9CVSS6AI score0.01417EPSS
Exploits1References1
CVE
CVE
added 2026/03/24 12:49 p.m.19 views

CVE-2026-33309

Summary (concrete details): CVE-2026-33309 affects Langflow 1.2.0–1.8.1 where a bypass of the CVE-2025-68478 patch enables an Arbitrary File Write via the v2 API endpoint /api/v2/files/. The root issue lies in the storage layer’s LocalStorageService, which lacks proper boundary containment checks...

9.9CVSS6AI score0.01417EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/20 10:16 p.m.6 views

CVE-2026-32887

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

7.4CVSS0.0027EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/20 9:35 p.m.3 views

CVE-2026-32887 Effect Bug: `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

7.4CVSS5.8AI score0.0027EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 9:35 p.m.2 views

CVE-2026-32887

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

7.4CVSS5.8AI score0.0027EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 9:35 p.m.23 views

CVE-2026-32887 Effect Bug: `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

7.4CVSS0.0027EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 9:35 p.m.6 views

CVE-2026-32887 Effect Bug: `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

7.4CVSS5.9AI score0.0027EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/20 8:34 p.m.2 views

Race Condition

Overview org.webjars.npm:effect is a node package that allows you to add effects on images. Affected versions of this package are vulnerable to Race Condition in the MixedScheduler class, where the AsyncLocalStorage context is not properly isolated between concurrent fiber executions. An attacker...

9.1CVSS5.8AI score0.0027EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/20 8:34 p.m.4 views

EUVD-2026-13818

Effect AsyncLocalStorage context lost/contaminated inside Effect fibers under concurrent load with RPC...

7.4CVSS5.8AI score0.0027EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/20 8:34 p.m.3 views

Race Condition

Overview effect is a node package that allows you to add effects on images. Affected versions of this package are vulnerable to Race Condition in the MixedScheduler class, where the AsyncLocalStorage context is not properly isolated between concurrent fiber executions. An attacker can access or...

9.1CVSS5.8AI score0.0027EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/20 8:34 p.m.4 views

Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC

Versions - effect: 3.19.15 - @effect/rpc: 0.72.1 - @effect/platform: 0.94.2 - Node.js: v22.20.0 - Vercel runtime with Fluid compute - Next.js: 16 App Router - @clerk/nextjs: 6.x Root cause Effect's MixedScheduler batches fiber continuations and drains them inside a single microtask or timer...

7.4CVSS6.1AI score0.0027EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26336

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.1 Description Langflow is susceptible to an arbitrary file write issue through the POST /api/v2/files API endpoint. The vulnerability stems from a lack of boundary containment checks in the storage layer, which...

9.9CVSS6.1AI score0.01417EPSS
Exploits1References7
Rows per page
Query Builder