Lucene search
K

300 matches found

Vulnrichment
Vulnrichment
added 2026/04/25 6:30 p.m.5 views

CVE-2026-6993 go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

6.9CVSS5.5AI score0.00315EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/24 12:31 a.m.9 views

EUVD-2026-25337

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profil...

8.1CVSS5.8AI score0.00335EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/23 12:31 a.m.9 views

copilot-api has Reliance on Reverse DNS Resolution for a Security-Critical Action

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

5.3CVSS4.7AI score0.00257EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.11 views

PT-2026-34181

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...

5.3CVSS5.5AI score0.00147EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/12 7:45 p.m.4 views

CVE-2026-6129

A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The...

7.5CVSS5.5AI score0.00391EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/09 5:0 a.m.15 views

CVE-2026-5847

Code-projects Movie Ticketing System 1.0 is affected by CVE-2026-5847. The vulnerability resides in the SQL Database Backup File Handler, specifically manipulation of the /db/moviedb.sql file, which can lead to information disclosure. It is exploitable remotely over the network, with a public exp...

5.3CVSS5.4AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/09 12:32 a.m.3 views

EUVD-2026-20803

A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initia...

5.5CVSS5.6AI score0.00241EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31550

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Product Management System version 1.0 Description A security flaw exists in SourceCodester Pharmacy Product Management System 1.0. The issue is located in an unknown part of the add-sales.php file within the POST...

5.5CVSS5.9AI score0.00241EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.10 views

Google Chrome 竞争条件问题漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome for Android prior to 147.0.7727.55 contained a competitive condition vulnerability, which was caused by Media-related competitive conditions. This vulnerability could allow remote attackers to...

9.8CVSS7.3AI score0.00212EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-30867

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.3, 5.2 through 5.2.12, and 4.2 through 4.2.29 Description The ASGIRequest component allows a remote attacker to spoof headers due to an ambiguous mapping of header variants with hyphens or with underscores to a...

9.8CVSS5.8AI score0.00769EPSS
Exploits1References33
Cvelist
Cvelist
added 2026/04/06 11:30 a.m.25 views

CVE-2026-5650 code-projects Online Application System for Admission oas.sql sensitive information

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The...

6.9CVSS0.00308EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/06 3:15 a.m.2 views

CVE-2026-5616

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...

7.5CVSS6.6AI score0.00409EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.5 views

PT-2026-30600

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The...

6.9CVSS5.7AI score0.00308EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.5 views

PT-2026-30571

A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...

7.5CVSS6.7AI score0.00414EPSS
Exploits0References6
CVE
CVE
added 2026/04/05 12:15 a.m.16 views

CVE-2026-5529

CVE-2026-5529 affects Dromara lamp-cloud up to 5.8.1. The vulnerability is in DefUserController.pageUser; manipulation of the pageUser function leads to improper authorization. The issue is exploitable remotely and the exploit is public. Public notifications were sent to the project via an issue,...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.5 views

PT-2026-30407

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this...

7.5CVSS5.5AI score0.00378EPSS
Exploits0References5
NVD
NVD
added 2026/04/03 8:16 p.m.6 views

CVE-2026-5484

A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible...

6.9CVSS0.00322EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:45 a.m.2 views

CVE-2026-5321

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/02 4:45 a.m.10 views

CVE-2026-5321

CVE-2026-5321 affects vanna-ai up to 2.0.2, involving the FastAPI/Flask Server component. The issue allows remote manipulation that can trigger a permissive cross-domain policy with untrusted domains. An exploit has been published and may be used. The vendor was contacted but did not respond. No ...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.10 views

PT-2026-29866

Name of the Vulnerable Software and Affected Versions Newgen OmniDocs versions up to 12.0.00 Description A security flaw exists in Newgen OmniDocs up to version 12.0.00. The issue involves improper control of resource identifiers due to manipulation of the DocumentId argument within the...

6.9CVSS5.8AI score0.00315EPSS
Exploits0References8
Rows per page
Query Builder