Lucene search
K

1214 matches found

CNVD
CNVD
added 2026/04/20 12:0 a.m.7 views

PraisonAI Operating System Command Injection Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the --mcp CLI parameter being passed directly without any validation, whitelist checking, or cleanup, which can be exploited by an...

9.8CVSS5.7AI score0.00824EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007318)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007318 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters o...

5.5CVSS6.3AI score0.00301EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 1:2 a.m.7 views

GHSA-W59F-67XM-RXX7 Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution

Summary The Froxlor API endpoint Customers.update and Admins.update does not validate the deflanguage parameter against the list of available language files. An authenticated customer can set deflanguage to a path traversal payload e.g., ../../../../../var/customers/webs/customer1/evil, which is...

9.9CVSS6.4AI score0.00524EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

Cisco Unity Connection 安全漏洞

Cisco Unity Connection UC is a voice messaging platform developed by the American company Cisco. This platform allows users to make calls or listen to voic messages using voice commands. There is a security vulnerability in Cisco Unity Connection UC, which stems from improper validation of HTTP...

4.7CVSS5.8AI score0.00202EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/04/15 12:0 a.m.5 views

Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fetchCFSettingFile method. The issue results from the lack of proper...

7.5CVSS5.9AI score0.28962EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/14 11:21 p.m.14 views

WWBN AVideo has an incomplete fix for CVE-2026-33293: Path Traversal

Summary The incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Affected Package - Ecosystem: Other - Package: AVideo - Affected versions: = commit 941decd6d19e Details At...

8.1CVSS5.9AI score0.00505EPSS
Exploits2References7Affected Software1
GithubExploit
GithubExploit
added 2026/04/11 7:14 p.m.126 views

Exploit for Path Traversal in Redaxo

CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Lead...

8.3CVSS5.9AI score0.00493EPSS
Exploits3
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.7 views

OpenClaw 路径遍历漏洞

OpenClaw is an intelligent artificial assistant developed under the OpenClaw open source project. OpenClaw has a path traversal vulnerability, which stems from insufficient validation of path parameters, potentially leading to information leakage...

6.5CVSS6.6AI score0.00944EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:3 p.m.6 views

CVE-2026-35668

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...

7.7CVSS5.9AI score0.00382EPSS
Exploits1References3
CVE
CVE
added 2026/04/10 4:3 p.m.21 views

CVE-2026-35668

OpenClaw contains a path traversal vulnerability in its sandbox enforcement prior to version 2026.3.24. The flaw allows sandboxed agents to read arbitrary files from other agents’ workspaces through unnormalized mediaUrl and fileUrl parameter keys, due to incomplete parameter validation in normal...

7.7CVSS5.9AI score0.00382EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.3 views

PT-2026-31372

CVE-2025-50646 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos type asp.asp endpoint. https://t.co/DMT2TO3UP6...

7.5CVSS6.1AI score0.00516EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 12:0 a.m.19 views

CVE-2025-50654

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thdmember.asp endpoint...

0.00516EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006755 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters o...

5.5CVSS6.3AI score0.00301EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.7 views

PT-2026-30842

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

5.9AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incomplete regular expression validation for the DATE...

8.8CVSS6.1AI score0.01248EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 6:0 a.m.1 views

CVE-2026-3881 Performance Monitor <= 1.0.6 - Unauthenticated Blind SSRF

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks...

5.9AI score0.00259EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/30 6:31 p.m.10 views

OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22)

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details Title: Sandbox Media Root Bypass via Unnormalized mediaUrl / fileUrl Parameter Keys CWE-22 Description: Summary A path traversal vulnerability in the agent sandbox enforcement allows a sandboxed agent to read arbitrary...

7.7CVSS5.9AI score0.00382EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.5 views

CVE-2025-59706

In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution...

9.8CVSS6.1AI score0.00527EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 8:57 a.m.3 views

SUSE-SU-2026:20879-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: Update to PyJWT 2.12.1: - CVE-2024-53861: prevent partial matching of the Issuer field bsc1234038. - CVE-2026-32597: validate the crit Header Parameter defined in RFC 7515 bsc1259616. Changelog: Update to 2.12.1: - Add missing...

7.5CVSS6.8AI score0.0081EPSS
Exploits2References5
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.7 views

Mediasoftpro ASP.NET jVideo Kit SQL注入漏洞

Mediasoftpro ASP.NET jVideo Kit is a video management and publishing component suite developed by Mediasoftpro. Version 1.0 of Mediasoftpro ASP.NET jVideo Kit contains a SQL injection vulnerability, which stems from insufficient validation of query parameter inputs, potentially allowing SQL...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3
Rows per page
Query Builder