37 matches found
CVE-2026-15629 louisho5 picobot Workspace filesystem.go GetSkill link following
A weakness has been identified in louisho5 picobot up to 0.2.0. Impacted is the function CreateSkill/GetSkill of the file internal/agent/tools/filesystem.go of the component Workspace Handler. Executing a manipulation can lead to link following. It is possible to launch the attack remotely. The...
PYSEC-2026-329 Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass
Summary Django-Unicorn is vulnerable to python class pollution vulnerability, a new type of vulnerability categorized under CWE-915. The vulnerability arises from the core functionality setpropertyvalue, which can be remotely triggered by users by crafting appropriate component requests and feedi...
EUVD-2026-35130
A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...
CVE-2026-6797
A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to...
PT-2026-46188
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...
CVE-2026-10291
CVE-2026-10291 affects Enderfga claw-orchestrator (up to 3.7.0). The vulnerability lies in the function validateRegex in claw-orchestrator/src/embedded-server.ts of the Session Grep Endpoint , where manipulating the argument body.pattern leads to inefficient regular expression complexity. Remote ...
MLflow 访问控制错误漏洞
MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Version 3.9.0 of MLFlow contains a security vulnerability related to access control. This...
CVE-2026-5317
A security flaw has been discovered in Nothings stb up to 1.22. This affects the function startdecoder of the file stbvorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The...
CVE-2026-4399
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...
CVE-2026-26076
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...
CVE-2026-22237
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...
EUVD-2025-36341
A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/settings of the component Email Change Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be initiated...
CVE-2025-12310 VirtFusion Email Change _settings excessive authentication
A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/settings of the component Email Change Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be initiated...
ROS-20251014-01
The vulnerability of the Rack module interface of the Ruby programming language interpreter is related to the fact that application does not properly control consumption of internal resources in the function "Rack::QueryParser" function. Exploitation of the vulnerability could allow an attacker...
CVE-2025-10366 MiczFlor RPi-Jukebox-RFID inc.setWlanIpMail.php cross site scripting
A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...
MGASA-2025-0106 Updated mosquitto packages fix security vulnerability
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...
CVE-2025-2321
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be...
PT-2024-17880 · Sourcecodester · Road Accident Map Marker
Name of the Vulnerable Software and Affected Versions: SourceCodester Road Accident Map Marker version 1.0 Description: A problematic issue has been found in the software, affecting some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the mark name/details argument...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698 Patch Instructions: To install...
PT-2024-6812 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 129.0.6668.58 Microsoft Edge affected versions not specified Description: The issue is related to incorrect security UI in the Downloads component, allowing a remote attacker to perform UI spoofing via a crafte...