Lucene search
K

303 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/02 4:45 a.m.2 views

CVE-2026-5321

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/02 4:45 a.m.10 views

CVE-2026-5321

CVE-2026-5321 affects vanna-ai up to 2.0.2, involving the FastAPI/Flask Server component. The issue allows remote manipulation that can trigger a permissive cross-domain policy with untrusted domains. An exploit has been published and may be used. The vendor was contacted but did not respond. No ...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.11 views

PT-2026-29866

Name of the Vulnerable Software and Affected Versions Newgen OmniDocs versions up to 12.0.00 Description A security flaw exists in Newgen OmniDocs up to version 12.0.00. The issue involves improper control of resource identifiers due to manipulation of the DocumentId argument within the...

6.9CVSS5.8AI score0.00315EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/01 3:31 a.m.6 views

EUVD-2026-17771

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References5
NVD
NVD
added 2026/03/23 1:16 p.m.3 views

CVE-2026-4588

A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...

6.3CVSS0.00268EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.9 views

PT-2026-27124

A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...

6.3CVSS5AI score0.00268EPSS
Exploits0References5
CVE
CVE
added 2026/03/22 1:2 p.m.23 views

CVE-2026-4547

The CVE-2026-4547 entry concerns mickasmt next-saas-stripe-starter v1.0.0. The vulnerable component is the Checkout Handler’s file actions/generate-user-stripe.ts, specifically the function generateUserStripe. The issue arises from manipulation of the priceId argument, causing business logic erro...

5.3CVSS5.5AI score0.00209EPSS
Exploits0References3
CVE
CVE
added 2026/03/22 4:2 a.m.11 views

CVE-2026-4536

CVE-2026-4536 affects Acrel Environmental Monitoring Cloud Platform 1.1.0. The issue enables an attacker to perform an unrestricted upload through manipulation of some unknown processing, with a remote-initiated attack. Public exploit information exists and the vulnerability has a PROOF-OF-CONCEP...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.4 views

PT-2026-26959

A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is...

6.9CVSS5.2AI score0.00453EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.6 views

PT-2026-26967

A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacte...

7.5CVSS5.4AI score0.00284EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.6 views

PT-2026-26888

A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

6.5CVSS6.1AI score0.00241EPSS
Exploits0References7
CVE
CVE
added 2026/03/11 11:32 p.m.13 views

CVE-2026-3965

CVE-2026-3965 affects whyour qinglong up to 2.20.1, with the vulnerability located in the back/loaders/express.ts API Interface. The issue arises from manipulation of the command argument, causing protection mechanism failure and enabling remote access. Public exploit information exists, and ther...

6.5CVSS6.1AI score0.00441EPSS
In wildExploits0References9
OSV
OSV
added 2026/03/08 6:32 a.m.5 views

CVE-2026-3714 OpenCart Incomplete Fix CVE-2024-36694 template.php save special elements used in a template engine

A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine. The...

5.1CVSS5.5AI score0.00255EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.13 views

PT-2026-23929

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient id causes improper authorization. It is possible to initiate the attack remotely. The exploit ha...

6.5CVSS5.6AI score0.00299EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.15 views

PT-2026-23942

Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0 Description An improper authorization issue exists in the User Creation Handler component of the software. This can be triggered by manipulating the file add user.php. The attack can ...

6.5CVSS6.4AI score0.00254EPSS
Exploits1References13
EUVD
EUVD
added 2026/02/27 6:31 a.m.6 views

EUVD-2026-8997

A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been...

6.5CVSS5.2AI score0.00684EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/20 4:15 p.m.23 views

CVE-2026-24790 Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...

8.2CVSS0.00449EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller 访问控制错误漏洞

The Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller is an industrial natural gas odorization system developed by the American company Welker. This system has a security vulnerability known as access control errors. The vulnerability stems from insufficient protective measures or...

8.2CVSS5.9AI score0.00449EPSS
Exploits0References3
ICS
ICS
added 2026/02/19 7:0 a.m.14 views

Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller

RISK EVALUATION Successful exploitation of this vulnerability could result in an over- or under-odorization event. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

8.2CVSS5.8AI score0.00449EPSS
Exploits0References11
Veracode
Veracode
added 2026/02/12 7:3 p.m.5 views

Prototype Pollution

@adonisjs/bodyparser is vulnerable to a Prototype Pollution. The vulnerability is due to improper handling of multipart form-data parsing, which allows a remote attacker to manipulate object prototypes at runtime and potentially alter application behavior...

7.2CVSS5.6AI score0.00364EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder