Lucene search
K

41225 matches found

EUVD
EUVD
added 2026/04/02 6:31 a.m.7 views

EUVD-2026-18126

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

7.5CVSS6.7AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/02 6:31 a.m.11 views

EUVD-2026-18118

A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclos...

5.3CVSS4.2AI score0.00337EPSS
Exploits0References6
NVD
NVD
added 2026/04/02 6:16 a.m.5 views

CVE-2026-5322

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

7.5CVSS0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/02 5:30 a.m.33 views

CVE-2026-5322 AlejandroArciniegas mcp-data-vis MCP server.js request sql injection

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

7.5CVSS0.00259EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:30 a.m.2 views

CVE-2026-5322

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

7.5CVSS6.7AI score0.00259EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/02 5:30 a.m.2 views

CVE-2026-5322 AlejandroArciniegas mcp-data-vis MCP server.js request sql injection

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

7.5CVSS6.7AI score0.00259EPSS
Exploits0References4
NVD
NVD
added 2026/04/02 5:16 a.m.4 views

CVE-2026-5321

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00162EPSS
Exploits0References4
NVD
NVD
added 2026/04/02 5:16 a.m.5 views

CVE-2026-5320

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...

7.5CVSS0.00414EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.2 views

CVE-2026-5251

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.4 views

CVE-2026-5254

A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component Webhook Handler. The manipulation leads to cross site scripting. The attack may be initiated...

5.1CVSS4.1AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.3 views

CVE-2026-5253

A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component editNotice Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be...

5.1CVSS4.2AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.4 views

CVE-2026-5248

A vulnerability has been found in gougucms 4.08.18. This affects the function regsubmit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may b...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.4 views

CVE-2026-5237

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manageuser.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is possib...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.4 views

CVE-2026-5249

A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the...

5.1CVSS4.4AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.3 views

CVE-2026-5252

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS4.3AI score0.00273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.4 views

CVE-2026-5238

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /viewemployee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/02 4:45 a.m.2 views

CVE-2026-5321 vanna-ai vanna FastAPI/Flask Server cross-domain policy

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References4
NVD
NVD
added 2026/04/02 4:16 a.m.4 views

CVE-2026-5319

A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclos...

5.3CVSS0.00337EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/02 3:45 a.m.1 views

CVE-2026-5320 vanna-ai vanna Chat API Endpoint v2 missing authentication

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 3:45 a.m.16 views

CVE-2026-5320

CVE-2026-5320 affects vanna-ai vanna up to 2.0.2. The vulnerability resides in an unknown functionality of the file /api/vanna/v2/ (Chat API Endpoint), where manipulation leads to missing authentication and allows remote exploitation. Public exploit available; vendor status unknown. Affected pack...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References4
Rows per page
Query Builder