Lucene search
+L

1414 matches found

NVD
NVD
added 2026/04/17 8:16 p.m.9 views

CVE-2026-40461

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS0.00285EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/16 8:44 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview mcp-framework is a Framework for building Model Context Protocol MCP servers in Typescript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the readRequestBody function. An attacker can exhaust system memory and cause a server...

8.7CVSS5.8AI score0.00495EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 8:44 p.m.7 views

GHSA-353C-V8X9-V7C3 MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport

Summary The readRequestBody function in src/transports/http/server.ts concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request. Details File:...

8.7CVSS5.9AI score0.00495EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

Schneider Electric PowerChute Serial Shutdown 安全漏洞

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software from Schneider Electric France. A security bypass vulnerability exists in Schneider Electric PowerChute Serial Shutdown, which stems from improper output encoding or escaping, and can...

6.9CVSS5.8AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

Schneider Electric PowerChute Serial Shutdown 资源管理错误漏洞

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software from Schneider Electric France. Schneider Electric PowerChute Serial Shutdown suffers from a Resource Management Error vulnerability that stems from uncontrolled resource consumption,...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.11 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Django vulnerabilities (USN-8154-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8154-1 advisory. Seokchan Yoon discovered that Django incorrectly handled copying memory when parsing multipart uploads with...

9.8CVSS5.9AI score0.00879EPSS
Exploits1References6
NVD
NVD
added 2026/04/11 2:16 a.m.8 views

CVE-2026-3358

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing poststatus validation in the enrollnow and courseenrollment functions. Both enrollment endpoints...

5.4CVSS0.00374EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/10 4:30 a.m.35 views

CVE-2026-6014 D-Link DIR-513 POST Request formAdvanceSetup buffer overflow

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit...

9CVSS0.00734EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/09 9:19 p.m.22 views

CVE-2026-40115 PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

6.2CVSS0.00334EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:19 p.m.3 views

CVE-2026-40115

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

6.2CVSS6AI score0.00334EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/09 9:18 p.m.37 views

CVE-2026-40114

PraisonAI's /api/v1/runs accepts an arbitrary webhook_url in requests and, before version 4.5.128, posts results to that URL after job completion using httpx.AsyncClient. This enables SSRF from an unauthenticated attacker to reach internal or external destinations, including cloud metadata servic...

10CVSS6.1AI score0.0028EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

PraisonAI 代码问题漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained code vulnerabilities. These vulnerabilities stemmed from the/api/v1/runs endpoint allowing arbitrary webhook URLs without proper URL validation, which could le...

10CVSS6AI score0.0028EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.6 views

InvenTree 安全漏洞

InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and parts tracking capabilities. Versions of InvenTree from 0.16.0 to 1.2.7 contained security vulnerabilities. These vulnerabilities allowed any authenticated user to...

8.3CVSS5.8AI score0.00303EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/08 12:0 a.m.6 views

OpenClaw Resource Management Error Vulnerability (CNVD-2026-16893)

OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.13 that stems from the software reading and caching Webhook request bodies before validating the x-telegram-bot-api-secret-token request header. An attacker could use thi...

8.7CVSS5.8AI score0.00531EPSS
Exploits0
OSV
OSV
added 2026/04/02 3:54 p.m.1 views

CVE-2025-58136 Apache Traffic Server: A simple legitimate POST request causes a crash

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

7.5CVSS6.2AI score0.00673EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/26 12:30 p.m.9 views

EUVD-2018-21671

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS5.9AI score0.00245EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:39 a.m.1 views

CVE-2018-25209

OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract...

8.8CVSS6AI score0.00327EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 a.m.7 views

CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS6AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/26 11:39 a.m.28 views

CVE-2018-25202 SAT CFDI 3.3 SQL Injection via signIn endpoint

SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...

8.8CVSS0.00245EPSS
Exploits0References3
CVE
CVE
added 2026/03/26 11:39 a.m.14 views

CVE-2018-25202

SAT CFDI 3.3 is affected by an SQL injection in the signIn endpoint via the id parameter. The vulnerability allows attackers to manipulate queries using boolean-based blind, stacked, or time-based blind payloads to extract data or compromise the application. Public metrics indicate high severity ...

8.8CVSS6AI score0.00245EPSS
Exploits0References3
Rows per page
Query Builder