Lucene search

10 matches found

CVE · added yesterday · 8 views

CVE-2026-14611

DeepMyst Mysti (up to 0.4.0) is affected by a vulnerability in MemoryManager.ts initProjectMemory where manipulating workspacePath can cause resource exposure. The issue is exploitable remotely and is fixed by upgrading to version 0.4.0; the patch is identified as 6d709229b5199f6769fb3cf763e5122d...

5.3 CVSS · 5.5 AI score
Exploits 0 · References 8
EUVD · added yesterday · 4 views

EUVD-2026-41610

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...

5.3 CVSS · 5.5 AI score
Exploits 0 · References 8
Snyk · added 2026/02/26 12:17 a.m. · 6 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the factoryClassLocation function. An attacker can achieve arbitrary code execution by provoking the application to read a maliciously...

9.8 CVSS · 6.5 AI score · 0.00812 EPSS
Exploits 1 · References 2
OSV · added 2026/02/25 6:20 p.m. · 2 views

GHSA-M2CM-222F-QW44 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution

Impact mchange-commons-java includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an application to read a maliciously...

8.9 CVSS · 6.2 AI score · 0.00812 EPSS
Exploits 1 · References 6
Github Security Blog · added 2025/09/29 8:40 p.m. · 9 views

Coder AgentAPI exposed user chat history via a DNS rebinding attack

Summary AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. Impact An attacker could have gained access to the /messages endpoint served by the Agent API. This allowed for the unauthorized exfiltration of sensitive user...

6.5 CVSS · 6.3 AI score · 0.00397 EPSS
Exploits 1 · References 9 · Affected Software 1
Tenable Nessus · added 2025/08/27 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-52595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly hand...

7.7 CVSS · 5.4 AI score · 0.00472 EPSS
Exploits 0 · References 2
Snyk · added 2025/03/20 10:51 a.m. · 1 view

SQL Injection

Overview llama-index-retrievers-duckdb-retriever is a llama-index retrievers duckdb-retriever integration. Affected versions of this package are vulnerable to SQL Injection in the retrieve function, which sends an unparameterized SQL query based on user input for the values of "search using string...

9.8 CVSS · 7.9 AI score · 0.01311 EPSS
Exploits 1 · References 2
SUSE CVE · added 2024/11/22 3:49 a.m. · 2 views

SUSE CVE-2024-52595

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

7.7 CVSS · 5.9 AI score · 0.00472 EPSS
Exploits 0 · References 3
Positive Technologies · added 2024/11/19 12:00 a.m. · 4 views

PT-2024-35391 · Unknown +1 · Lxml Html Clean +1

Name of the Vulnerable Software and Affected Versions: lxml html clean versions prior to 0.4.0 Description: The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , , and . This behavior deviates from how web browsers parse and interpret such tags...

7.7 CVSS · 6 AI score · 0.00472 EPSS
Exploits 0 · References 17
Snyk · added 2020/08/05 3:36 p.m. · 2 views

Cross-site Request Forgery (CSRF)

Overview fieldtest is an A/B testing library for Rails. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) with non-session based authentication methods. Remediation: Upgrade fieldtest to version 0.4.0 or higher. References - GitHub Issue...

8.8 CVSS · 7.2 AI score · 0.00426 EPSS
Exploits 0 · References 2