Lucene search
K

289 matches found

NVD
NVD
added 6 days ago10 views

CVE-2026-14261

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control...

9.1CVSS0.00571EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-14261 CVE-2026-14261

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control...

0.00571EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42583

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control...

9.1CVSS6.6AI score0.00571EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/02 6:34 p.m.15 views

Axios npm Supply Chain Incident Impacting @usebruno/cli

Impact This is a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran npm install between 00:21 UTC and 03:30 UTC on March 31, 2026 may have been...

9.8CVSS5.9AI score0.00234EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/04/02 6:34 p.m.5 views

GHSA-658G-P7JG-WX5G Axios npm Supply Chain Incident Impacting @usebruno/cli

Impact This is a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran npm install between 00:21 UTC and 03:30 UTC on March 31, 2026 may have been...

9.8CVSS5.9AI score0.00234EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/04 3:30 p.m.6 views

EUVD-2025-208272

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...

6.6CVSS5.9AI score0.00241EPSS
Exploits2References4
OSV
OSV
added 2026/03/04 12:0 a.m.8 views

CVE-2025-70342

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...

6.6CVSS5.8AI score0.00241EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/03/04 12:0 a.m.4 views

CVE-2025-70342

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...

5.9AI score0.00241EPSS
Exploits2References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/02/26 5:24 a.m.8 views

Multiple vulnerabilities in the installer of FinalCode Client

Overview The installer of FinalCode Client provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Incorrect default permissions CWE-276 - CVE-2026-23703 Uncontrolled search path element CWE-427 - CVE-2026-25191 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported...

8.5CVSS6.3AI score0.00144EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.16 views

PT-2026-6815

Name of the Vulnerable Software and Affected Versions Core FTP LE version 2.2 Description The application can be crashed by overwriting the account field with a large buffer, leading to a denial of service. An attacker can create a text file containing 20,000 repeated characters and paste it into...

7.5CVSS5.5AI score0.00373EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.25 views

CVE-2024-2356

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References1
NVD
NVD
added 2026/02/02 11:15 a.m.7 views

CVE-2024-2356

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS0.00769EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/02 10:36 a.m.30 views

CVE-2024-2356 Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS0.00769EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/02 10:36 a.m.4 views

EUVD-2024-27309

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/02 10:36 a.m.2 views

CVE-2024-2356 Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/02 10:36 a.m.4 views

CVE-2024-2356

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References3
OSV
OSV
added 2026/02/02 10:36 a.m.6 views

CVE-2024-2356 Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS7.5AI score0.00769EPSS
Exploits0References4
CVE
CVE
added 2026/02/02 10:36 a.m.28 views

CVE-2024-2356

The CVE-2024-2356 family affects parisneo/lollms-webui, with a Local File Inclusion (LFI) in the /reinstall_extension endpoint. The vulnerability targets the name parameter of the POST route, allowing an attacker to inject a malicious value that causes the server to load and execute arbitrary Pyt...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.8 views

PT-2026-5649

A Local File Inclusion LFI vulnerability exists in the '/reinstall extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstall extension" route. This vulnerability allows attackers to inject a malicious name parameter, leadin...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.8 views

LoLLMs WEBUI 安全漏洞

LoLLMs WEBUI is a large-scale model web user interface developed by Saifeddine ALOUI, which supports integration of multiple models and modalities. LoLLMs WEBUI has a security vulnerability; this vulnerability stems from the name parameter in the /reinstallextension endpoint containing local file...

9.6CVSS7.8AI score0.00769EPSS
Exploits0References3
Rows per page
Query Builder