Lucene search
K

5 matches found

CVE
CVE
added 2026/03/20 5:52 a.m.17 views

CVE-2026-33043

WWBN AVideo has a cross-origin session disclosure vulnerability in versions 25.0 and below: /objects/phpsessionid.json.php exposes the current PHP session ID to unauthenticated requests, and allowOrigin() returns the Origin header with Access-Control-Allow-Credentials: true, enabling credentialed...

8.1CVSS5.8AI score0.00345EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/11 3:30 p.m.6 views

EUVD-2026-11194

Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the exportfile route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI...

10CVSS5.9AI score0.00644EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/01/13 8:35 p.m.28 views

OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

Previously reported via email to [email protected] on 2025-11-17 per the security policy in opencode-sdk-js/SECURITY.md. No response received. Summary OpenCode automatically starts an unauthenticated HTTP server that allows any local process—or any website via permissive CORS—to execute arbitrary...

8.8CVSS7.7AI score0.16955EPSS
Exploits7References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/12 10:49 p.m.4 views

CVE-2026-22812 OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process or any website via permissive CORS to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216...

8.8CVSS7.1AI score0.16955EPSS
Exploits7References1
OSV
OSV
added 2026/01/12 10:49 p.m.8 views

CVE-2026-22812 OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process or any website via permissive CORS to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216...

8.8CVSS7.5AI score0.16955EPSS
Exploits7References3
Rows per page
Query Builder