40985 matches found
CVE-2026-8758
CVE-2026-8758 affects Metasoft MetaCRM up to version 6.4.0 Beta06. The issue lies in an unspecified function within /common/jsp/upload3.jsp where manipulating the File argument can trigger an unrestricted upload. The vulnerability can be exploited remotely, and public exploit activity has been ob...
CVE-2026-8758 Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload
A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...
CVE-2026-8758 Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload
A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...
EUVD-2026-30705
A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...
CVE-2026-8754
A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...
CVE-2026-8755
A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function getallmodels of the file hiyoriUI.py of the component Model Handler. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has be...
EUVD-2026-30703
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function readeventstail of the file core/framework/server/routessessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has...
CVE-2026-8757 adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function readeventstail of the file core/framework/server/routessessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has...
CVE-2026-8757 adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function readeventstail of the file core/framework/server/routessessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has...
CVE-2026-8757
CVE-2026-8757 affects adenhq hive up to 0.11.0. The vulnerability lies in the Delete Request Handler’s function “read events tail” inside core/framework/server/routes_sessions.py, enabling path traversal via manipulation. It is exploitable remotely and an exploit has been published. Public source...
CVE-2026-8756 fishaudio Bert-VITS2 Gradio webui_preprocess.py generate_config path traversal
A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generateconfig of the file webuipreprocess.py of the component Gradio Interface. Such manipulation of the argument datadir leads to path traversal. The attac...
EUVD-2026-30701
A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function getallmodels of the file hiyoriUI.py of the component Model Handler. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has be...
CVE-2026-8755
A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function getallmodels of the file hiyoriUI.py of the component Model Handler. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has be...
CVE-2026-8755 fishaudio Bert-VITS2 Model hiyoriUI.py _get_all_models path traversal
A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function getallmodels of the file hiyoriUI.py of the component Model Handler. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has be...
CVE-2026-8752
A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access...
CVE-2026-8754
A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...
EUVD-2026-30700
A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...
CVE-2026-8754 AstrBotDevs AstrBot File Upload chat.py post_file path traversal
A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...
CVE-2026-8754 AstrBotDevs AstrBot File Upload chat.py post_file path traversal
A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...
CVE-2026-8754
CVE-2026-8754 affects AstrBotDevs AstrBot up to version 4.23.5. The vulnerability is in the File Upload Handler, specifically the function post_file in astrbot/dashboard/routes/chat.py , where filename manipulation enables a path traversal. Remote exploitation is possible, with the exploit descri...