63 matches found
CVE-2026-15752 zhinianboke xianyu-auto-reply Backend User Endpoint users authorization
A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endpoint. Performing a manipulation results in missing authorization. The attack may be initiated...
EUVD-2026-42780
A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2026-15184 GNU LibreDWG DWG File dwg.c dwg_next_entity null pointer dereference
A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwgnextentity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument nextobj results in null pointer dereference. The attack must be initiated from a local...
CVE-2025-15668
A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpddelentry of the file src/isomedia/boxcodebase.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. The...
EUVD-2026-41814
A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtinprobeduration of the file src/filters/loadtext.c of the component TeXML File Handler. Such manipulation of the argument txmltimescale leads to divide by zero. An attack...
CVE-2026-14758 radareorg radare2 hexpairs cmd_anal.inc.c cmd_anal_opcode integer overflow
A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmdanalopcode of the file libr/core/cmdanal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...
EUVD-2026-40025
A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...
CVE-2026-13528
CVE-2026-13528 affects YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The vulnerable element is the function generateUploadPath in FileServiceImpl.java under the AppFileController File Upload Endpoint. A manipulation can cause path traversal, enabling remote exploitation. The exp...
CVE-2026-8305
A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to...
EUVD-2026-34056
A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...
CVE-2026-10692 johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos
A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...
DEBIAN-CVE-2026-10199
A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...
CVE-2026-9567
A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...
EUVD-2026-28912
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogssbiclientsendviascporsepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named...
CVE-2026-8087
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...
EUVD-2026-26250
A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mailmcpserver.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2026-7135 GPAC MP4Box box_code_base.c elng_box_read out-of-bounds
A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...
EUVD-2025-209411
A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used...
Agions taskflow-ai vulnerable to os command injection in src/mcp/server/handlers.ts
A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminalexecute. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. Upgrading ...
PT-2026-31565
Name of the Vulnerable Software and Affected Versions Agions taskflow-ai versions through 2.1.8 Description A security flaw exists in Agions taskflow-ai up to version 2.1.8. The issue impacts an unknown function within the src/mcp/server/handlers.ts file of the terminal execute component, leading...