Lucene search
K

110 matches found

CNNVD
CNNVD
added 2026/04/29 12:0 a.m.11 views

Dell Disk Library for Mainframe 代码问题漏洞

Dell Disk Library for Mainframe is an enterprise-level storage system developed by the American company Dell. It provides virtual tape libraries and data storage management capabilities for mainframe environments. There are code-related vulnerabilities in the Dell Disk Library for Mainframe DLm...

4.3CVSS5.8AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35825

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
NVD
NVD
added 2026/04/27 9:16 a.m.9 views

CVE-2026-7108

A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used...

5.3CVSS0.00155EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/25 12:0 p.m.3 views

CVE-2026-6979

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

6.5CVSS6.2AI score0.00252EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.17 views

PT-2026-35152

A vulnerability was found in IhateCreatingUserNames2 AiraHub2 up to 3e4b77fd7d48ed811ffe5b8d222068c17c76495e. Affected is the function connect stream endpoint/sync agents of the file AiraHub.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack...

6.5CVSS6.1AI score0.00252EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/20 7:30 a.m.5 views

CVE-2026-6617

A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function getapitoolproviderremoteschema of the file api/services/tools/apitoolsmanageservice.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side...

6.5CVSS5.4AI score0.00201EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/20 7:30 a.m.15 views

CVE-2026-6617

CVE-2026-6617 affects langgenius dify up to version 0.6.9. The vulnerability is in ApiToolManageService, specifically the get_api_tool_provider_remote_schema function within api_tools_manage_service.py. Reported behavior shows that manipulating the url argument enables server-side request forgery...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References4
NVD
NVD
added 2026/04/20 5:16 a.m.13 views

CVE-2026-6606

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

7.5CVSS0.00284EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/20 12:30 a.m.6 views

EUVD-2026-23731

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function createoriginonlymiddleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The...

5.3CVSS5.1AI score0.00158EPSS
Exploits0References4
NVD
NVD
added 2026/04/20 12:16 a.m.6 views

CVE-2026-6587

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...

8.1CVSS0.00277EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/20 12:0 a.m.7 views

CVE-2026-6587

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...

7.5CVSS5.4AI score0.00534EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.16 views

PT-2026-33730

A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get api tool provider remote schema of the file api/services/tools/api tools manage service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/19 12:45 p.m.9 views

CVE-2026-6573

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

6.5CVSS5.5AI score0.00258EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/14 1:22 a.m.3 views

CVE-2026-5832

A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyzeapispec/generatetestscenarios/testhttpendpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-side request forgery. T...

7.5CVSS5.4AI score0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/12 5:0 a.m.32 views

CVE-2026-6119 AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery

A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function postdata.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used...

6.5CVSS0.00257EPSS
Exploits0References5
NVD
NVD
added 2026/04/08 9:17 p.m.3 views

CVE-2026-5803

A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulation of the argument Query results in server-side request...

6.5CVSS0.00227EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/07 10:51 a.m.5 views

CVE-2026-5633

A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument sourceurls can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS5.5AI score0.00284EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:0 a.m.3 views

CVE-2026-5633

A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument sourceurls can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/06 7:0 a.m.30 views

CVE-2026-5633

The CVE-2026-5633 entry concerns assafelovic gpt-researcher up to version 3.4.3, with a vulnerability in an unspecified function of the ws Endpoint. An attacker can manipulate the argument source_urls to induce server-side request forgery (SSRF), with remote exploitation possible. Public exploit ...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/06 6:30 a.m.3 views

EUVD-2026-19176

A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References7
Rows per page
Query Builder