Lucene search
K

15102 matches found

Cvelist
Cvelist
added 2026/05/12 12:0 a.m.31 views

CVE-2026-31241

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

0.00386EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-39919

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS5.8AI score0.00249EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

vLLM 安全漏洞

vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.20.0 contained a security vulnerability. This vulnerability stemmed from the extracthiddenstates speculative decoding proposal, which returned tensor...

6.5CVSS5.8AI score0.00367EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Pandora FMS SQL注入漏洞

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. Versions 777 to 800 of Pandora FMS have a SQL injection vulnerability. This vulnerability arises from improper...

9.8CVSS5.9AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

JunoClaw 操作系统命令注入漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained an operating system command injection vulnerability. This vulnerability stemmed from a substring blacklist in the plugin-shell command security check, which could be...

8.4CVSS5.8AI score0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.9 views

PT-2026-40128

Name of the Vulnerable Software and Affected Versions mem0 version 1.0.0 Description The server lacks authentication and authorization controls for the 'DELETE /memories' API endpoint. This allows unauthenticated remote attackers to delete memory records by specifying arbitrary identifiers such a...

6.5CVSS6AI score0.00386EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.8 views

CVE-2026-31228

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

6.5AI score0.0061EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

SAP SAPUI5 安全漏洞

SAP SAPUI5 is a JavaScript application framework developed by the German company SAP. There is a security vulnerability in SAP SAPUI5, which allows unauthenticated attackers to manipulate specific URL parameters containing malicious content. This could lead victims to clicking on and accessing...

4.7CVSS5.8AI score0.00249EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/11 10:53 p.m.8 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/11 8:35 p.m.35 views

CVE-2026-43878 WWBN AVideo: Reflected XSS in plugin/Meet/iframe.php via Unescaped `user`/`pass` Parameters Reflected into JavaScript String Literal

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript double-quoted string literal inside a block. An attacker who sends a victim to a crafted URL can bre...

6.1CVSS0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 8:35 p.m.9 views

CVE-2026-43878 WWBN AVideo: Reflected XSS in plugin/Meet/iframe.php via Unescaped `user`/`pass` Parameters Reflected into JavaScript String Literal

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript double-quoted string literal inside a block. An attacker who sends a victim to a crafted URL can bre...

6.1CVSS6AI score0.00225EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 8:35 p.m.12 views

CVE-2026-43878

Summary. CVE-2026-43878 describes a reflected XSS in WWBN AVideo’s plugin/Meet/iframe.php where attacker-controlled user and pass are echoed unescaped into a JavaScript string literal. Versions up to 29.0 are affected; an unauthenticated user can exploit this if there exists a public, no-password...

6.1CVSS6AI score0.00225EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/11 3:54 p.m.11 views

NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection vulnerability discovered by ? in WordPress Npm next versions = 15.4.0, 15.5.16...

8.1CVSS5.8AI score0.00449EPSS
Exploits2References5Affected Software1
EUVD
EUVD
added 2026/05/11 3:32 p.m.11 views

EUVD-2026-29051

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS6AI score0.01016EPSS
Exploits0References4
CVE
CVE
added 2026/05/11 2:52 p.m.10 views

CVE-2026-42841

Grav CMS stores image attributes via Markdown media action parameters. Before 2.0.0-beta.2, an authenticated page editor could inject a JavaScript event handler by calling attribute(name, value) through image query parameters (e.g., ?attribute=onload,alert(...)). The attack results in a stored XS...

6.9CVSS5.9AI score0.00397EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/05/11 2:16 p.m.24 views

CVE-2026-4802

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS0.01016EPSS
Exploits0References15
OSV
OSV
added 2026/05/11 2:16 p.m.10 views

DEBIAN-CVE-2026-4802

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS6AI score0.01016EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 12:48 p.m.32 views

CVE-2026-4802

CVE-2026-4802 describes a remote command-execution flaw in Cockpit, caused by unsanitized user-controlled parameters in crafted links within the system logs UI. An attacker can inject shell metacharacters and command substitutions to run arbitrary commands on the host, potentially leading to full...

8CVSS6AI score0.01016EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/05/11 12:48 p.m.18 views

CVE-2026-4802

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS6AI score0.01016EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/11 12:48 p.m.38 views

CVE-2026-4802 Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS0.01016EPSS
Exploits0References13
Rows per page
Query Builder