14 matches found
CVE-2026-14621
A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...
CVE-2026-13491 78 xiaozhi-esp32 MQTT Goodbye mqtt_protocol.cc GetInstance denial of service
A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...
CVE-2026-13491
A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...
CVE-2026-13491
The CVE-2026-13491 entry concerns 78 xiaozhi-esp32 (up to version 2.2.6) and identifies a vulnerability in the MQTT Goodbye Handler. The issue lies in Application::GetInstance within main/protocols/mqtt_protocol.cc, where manipulating the session_id argument can trigger a denial of service. The a...
PT-2026-53104
Name of the Vulnerable Software and Affected Versions xiaozhi-esp32 versions prior to 2.2.7 Description A remote denial of service can be triggered through the manipulation of the session id argument. This issue resides within the Application::GetInstance function located in the main/protocols/mq...
GHSA-R6VM-4XWG-W69H AstrBot: Manipulation of astr_main_agent's session_id parameter leads to authorization bypass
A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...
CVE-2026-10212
A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...
CVE-2026-10212
A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...
CVE-2026-10212 AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization
A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...
PT-2026-45244
Name of the Vulnerable Software and Affected Versions AstrBotDevs AstrBot version 4.24.2 Description An authorization bypass exists that can be triggered remotely. The issue occurs within the astr main agent function located in the astrbot/core/astr main agent.py file, where manipulation of the...
CVE-2018-19114
An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindocid value containing the relative pathname of this uploaded file. For example, the...
CVE-2025-13262
Summary (CVE-2025-13262): lsFusion Platform up to 6.1 is affected. The vulnerability lies in the UploadFileRequestHandler (file/UploadFileRequestHandler.java), where manipulation of the sid argument can cause path traversal. It is exploitable remotely, and public disclosures of exploits exist. Se...
EUVD-2024-21970
Malicious code in bioql PyPI...
PT-2023-27785 · Phpjabbers · Phpjabbers Availability Booking Calendar
Name of the Vulnerable Software and Affected Versions: PHP Jabbers Availability Booking Calendar version 5.0 Description: A vulnerability has been found in the software, classified as problematic. It affects an unknown functionality of the file /index.php. The manipulation of the session id...