Lucene search
K

16910 matches found

Cvelist
Cvelist
added 2026/03/11 8:2 p.m.37 views

CVE-2026-3954 OpenBMB XAgent workspace.py workspace path traversal

A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. This manipulation of the argument filename causes path traversal. The attack may be initiated remotely. The exploit has been...

6.9CVSS0.00479EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/03/11 1:40 p.m.167 views

Exploit for CVE-2026-3228

No d...

6.4CVSS5.8AI score0.04279EPSS
Exploits1
Snyk
Snyk
added 2026/03/10 9:2 p.m.4 views

Out-of-bounds Read

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

8.2CVSS5.8AI score0.00258EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 8:48 p.m.6 views

CVE-2026-30972

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by...

6.9CVSS5.8AI score0.00342EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/10 6:47 p.m.10 views

CVE-2026-27216

Substance3D Painter prior to 11.1.3 is affected by an out-of-bounds read vulnerability (CVE-2026-27216) that can lead to memory exposure. The issue affects Painter 11.1.2 and earlier and requires user interaction: a victim must open a malicious file to exploit it. Multiple connected sources (Red ...

5.5CVSS5.8AI score0.00142EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.10 views

Adobe Substance3D Painter 代码问题漏洞

Adobe Substance3D Painter is a 3D scene-building software developed by Adobe, a company based in America. Versions of Adobe Substance3D Painter 11.1.2 and earlier contained a code vulnerability caused by a null pointer dereferencing, which could lead to a denial-of-service attack...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2026/03/10 12:0 a.m.3 views

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2026-1288)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS5.8AI score0.00755EPSS
Exploits3References2
CVE
CVE
added 2026/03/09 12:0 a.m.13 views

CVE-2025-70047

CVE-2025-70047 affects Nexusoft NexusInterface v3.2.0-beta.2. The issue is CWE-400: Uncontrolled Resource Consumption, with a CVSS v3.1 base score of 7.5 (HIGH) and network attack vector, low attack complexity, no privileges required, no user interaction, and availability impact. Root cause detai...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/09 12:0 a.m.7 views

SourceCodester Sales and Inventory System SQL注入漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect operations with the sell...

8.8CVSS6.7AI score0.00368EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/08 3:30 p.m.4 views

EUVD-2026-10240

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file adduser.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has bee...

6.5CVSS6.3AI score0.00254EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:54 a.m.4 views

CVE-2026-28058

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dixon dixon allows PHP Local File Inclusion.This issue affects Dixon: from n/a through = 1.4.2.1...

5.9AI score0.00403EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.10 views

PT-2026-23402

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AndonDesign UDesign u-design allows Reflected XSS.This issue affects UDesign: from n/a through = 4.14.0...

5.9AI score0.00146EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/04 1:57 a.m.5 views

CVE-2026-26891

Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manageparceltype.php...

2.7CVSS6AI score0.003EPSS
Exploits1References1
NVD
NVD
added 2026/03/03 8:16 p.m.6 views

CVE-2026-26889

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/managecategory.php...

2.7CVSS0.00284EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.8 views

PT-2026-22720

Name of the Vulnerable Software and Affected Versions mailparser versions prior to 3.9.3 Description The package mailparser is susceptible to Cross-site Scripting XSS due to insufficient sanitization of URLs within email content. Specifically, the textToHtml function does not properly handle URLs...

6.1CVSS6.1AI score0.00311EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.15 views

PT-2026-22949

Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 and 5.9.0-beta.1 Description A security issue exists that allows an authenticated administrator to execute arbitrary code. This is possible by injecting a Server-Side Template Injection SSTI payload into...

9.4CVSS6.2AI score0.01067EPSS
Exploits1References9
Snyk
Snyk
added 2026/03/02 10:3 p.m.4 views

Untrusted Search Path

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the system.run execution. An attacker can execute an unintended or malicious executable by altering the PATH resolution after approval, causing a different binar...

8.7CVSS5.8AI score0.00091EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/27 9:1 p.m.7 views

EUVD-2026-9059

phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.8 views

PT-2026-22324

Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions prior to 10.22 Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows for the execution of code remotely without authentication. This is due to insufficient...

9.8CVSS6.2AI score0.00626EPSS
Exploits0References8
CVE
CVE
added 2026/02/25 8:5 p.m.28 views

CVE-2026-0752

CVE-2026-0752 concerns GitLab CE/EE where an unauthenticated user could inject arbitrary scripts into the Mermaid sandbox UI under certain circumstances. The issue affected all versions 16.2 up to but not including 18.7.5, all 18.8 releases before 18.8.5, and all 18.9 releases before 18.9.1. GitL...

8CVSS5.6AI score0.00309EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder