CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

119 matches found

RedhatCVE•added 2026/04/20 5:46 a.m.•1 views

CVE-2026-6587

A flaw was found in vibrantlabsai RAGAS. A remote attacker can exploit a server-side request forgery SSRF vulnerability by manipulating the retrievedcontexts argument within the tryprocesslocalfile or tryprocessurl functions. This manipulation allows the attacker to induce the server to make...

8.1CVSS5.8AI score0.00014EPSS

Exploits0References7

EUVD•added 2026/04/20 12:30 a.m.•2 views

EUVD-2026-23727

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...

7.5CVSS5.4AI score0.00029EPSS

Exploits1References5

OSV•added 2026/04/13 12:29 p.m.•1 views

OPENSUSE-SU-2026:20519-1 Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716:...

7.5CVSS6.8AI score0.00062EPSS

Exploits0References18

EUVD•added 2026/03/30 6:31 p.m.•2 views

EUVD-2026-17093

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

5.7CVSS6.2AI score0.00039EPSS

Exploits0References3

NVD•added 2026/03/30 4:16 p.m.•2 views

CVE-2026-21712

5.7CVSS0.00039EPSS

Exploits0References2

OSV•added 2026/03/30 4:16 p.m.•1 views

UBUNTU-CVE-2026-21712

5.7CVSS5.8AI score0.00039EPSS

Exploits0References3

CVE•added 2026/03/30 3:13 p.m.•10 views

CVE-2026-21712

CVE-2026-21712 affects the Node.js package nodejs24 for versions less than 24.14.1-1 . The issue is a flaw in Node.js URL processing that triggers an assertion failure in native code when url.format() is called with a malformed internationalized domain name (IDN) containing invalid characters, cr...

5.7CVSS6.2AI score0.00039EPSS

Exploits0References2

Vulnrichment•added 2026/03/30 3:13 p.m.•1 views

CVE-2026-21712

5.7CVSS6.2AI score0.00039EPSS

Exploits0References2

Tenable Nessus•added 2026/03/25 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-21712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN...

5.7CVSS6.8AI score0.00039EPSS

Exploits0References3

CNNVD•added 2026/02/25 12:0 a.m.•5 views

Angular 输入验证错误漏洞

Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions of Angular prior to 19.2.21, 20.3.17, 21.1.5, and 21.2.0-rc.1 contained a vulnerability related to input validation...

6.9CVSS5.8AI score0.00061EPSS

Exploits0References4

Positive Technologies•added 2026/01/01 12:0 a.m.•3 views

PT-2026-29037

Name of the Vulnerable Software and Affected Versions Node.js affected versions not specified Description A flaw in Node.js URL processing can lead to an assertion failure in native code when the url.format function is invoked with a malformed internationalized domain name IDN containing invalid...

7.5CVSS6.7AI score0.00062EPSS

Exploits0References43

Positive Technologies•added 2025/10/09 12:0 a.m.•6 views

PT-2025-41454

Name of the Vulnerable Software and Affected Versions New API versions prior to 0.9.0.5 Description New API is a large language model LLM gateway and artificial intelligence AI asset management system. An authenticated Server-Side Request Forgery SSRF issue exists because the application does not...

8.5CVSS5.9AI score0.00047EPSS

Exploits0References11

Snyk•added 2025/10/07 10:8 p.m.•5 views

Server-side Request Forgery (SSRF)

Overview llamafactory is an Easy-to-use LLM fine-tuning framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the processrequest function, which processes incoming content URLs without proper validation or sanitization. An attacker can access internal...

8.1CVSS6.6AI score0.00067EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2002-2195

Malware in sbrugna...

5CVSS6.4AI score0.00306EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-4672

Malware in sbrugna...

8.4CVSS8.1AI score0.00538EPSS

Exploits1References11