16910 matches found
CVE-2026-3954 OpenBMB XAgent workspace.py workspace path traversal
A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. This manipulation of the argument filename causes path traversal. The attack may be initiated remotely. The exploit has been...
Exploit for CVE-2026-3228
No d...
Out-of-bounds Read
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
CVE-2026-30972
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by...
CVE-2026-27216
Substance3D Painter prior to 11.1.3 is affected by an out-of-bounds read vulnerability (CVE-2026-27216) that can lead to memory exposure. The issue affects Painter 11.1.2 and earlier and requires user interaction: a victim must open a malicious file to exploit it. Multiple connected sources (Red ...
Adobe Substance3D Painter 代码问题漏洞
Adobe Substance3D Painter is a 3D scene-building software developed by Adobe, a company based in America. Versions of Adobe Substance3D Painter 11.1.2 and earlier contained a code vulnerability caused by a null pointer dereferencing, which could lead to a denial-of-service attack...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2026-1288)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-70047
CVE-2025-70047 affects Nexusoft NexusInterface v3.2.0-beta.2. The issue is CWE-400: Uncontrolled Resource Consumption, with a CVSS v3.1 base score of 7.5 (HIGH) and network attack vector, low attack complexity, no privileges required, no user interaction, and availability impact. Root cause detai...
SourceCodester Sales and Inventory System SQL注入漏洞
The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect operations with the sell...
EUVD-2026-10240
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file adduser.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has bee...
CVE-2026-28058
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dixon dixon allows PHP Local File Inclusion.This issue affects Dixon: from n/a through = 1.4.2.1...
PT-2026-23402
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AndonDesign UDesign u-design allows Reflected XSS.This issue affects UDesign: from n/a through = 4.14.0...
CVE-2026-26891
Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manageparceltype.php...
CVE-2026-26889
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/managecategory.php...
PT-2026-22720
Name of the Vulnerable Software and Affected Versions mailparser versions prior to 3.9.3 Description The package mailparser is susceptible to Cross-site Scripting XSS due to insufficient sanitization of URLs within email content. Specifically, the textToHtml function does not properly handle URLs...
PT-2026-22949
Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 and 5.9.0-beta.1 Description A security issue exists that allows an authenticated administrator to execute arbitrary code. This is possible by injecting a Server-Side Template Injection SSTI payload into...
Untrusted Search Path
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the system.run execution. An attacker can execute an unintended or malicious executable by altering the PATH resolution after approval, causing a different binar...
EUVD-2026-9059
phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint...
PT-2026-22324
Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions prior to 10.22 Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows for the execution of code remotely without authentication. This is due to insufficient...
CVE-2026-0752
CVE-2026-0752 concerns GitLab CE/EE where an unauthenticated user could inject arbitrary scripts into the Mermaid sandbox UI under certain circumstances. The issue affected all versions 16.2 up to but not including 18.7.5, all 18.8 releases before 18.8.5, and all 18.9 releases before 18.9.1. GitL...