28390 matches found
CVE-2025-60485
A segmentation violation in the gfisomapplesettagex function /isomedia/isomwrite.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
CVE-2026-10169
A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...
PT-2026-45183
A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...
CVE-2018-25408
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...
CVE-2018-25408
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...
CVE-2018-25408
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) in the filename parameter. Affected component: ajax/download.php within The Ope...
CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...
CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...
CVE-2026-45296
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several appapikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization flow does not verify...
Open ISES Project 路径遍历漏洞
The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a path traversal vulnerability. This vulnerability stems from improper handling of the filename...
Malicious Package
Overview @cplace-project-planning-fe/cf-project-planning is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env
Impact A Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability CWE-426: Untrusted Search Path & CWE-15...
GHSA-C4M7-2GWP-VW76 ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env
Impact A Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability CWE-426: Untrusted Search Path & CWE-15...
CVE-2026-45297
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...
CVE-2026-49368
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...
CVE-2026-45613
CVE-2026-45613 affects Rizin; a heap-buffer-overflow is reported in the OMF parser (librz/bin/format/omf/omf.c). The vulnerability is mitigated by the commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47. CVSSv3.1 vector from the entry: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N with base score 3.3 (LOW). Th...
CVE-2026-49368
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...
CVE-2026-49368
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...
CVE-2026-47125
CVE-2026-47125 — Arcane global variables endpoint lacks admin authorization Affected: Arcane interface for Docker management (before 1.19.2) via PUT /api/environments/{id}/templates/variables that writes the system-wide .env.global. Root cause: missing admin check in the UpdateGlobalVariables han...
CVE-2018-25404
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticketid parameter. Attackers can send GET requests to addfacnote.php with crafted SQL payloads to extract sensitive...