CVE-2026-3189
A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...
CVE-2026-3188
A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the...
EUVD-2026-8689
A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the...
CVE-2026-3187
A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The explo...
CVE-2026-3185
Technical details are not publicly available in the provided connected documents. Monitor for updates on CVE-2026-3185 for new information, including affected versions, affected components, impact, and remediation.
CVE-2023-43803
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
CVE-2025-14038
EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an attacker to read potentially sensitive data or possibly cause a denial-of-service by writing malformed data to certain gRPC endpoints. This flaw has been...
EUVD-2025-203403
EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an attacker to read potentially sensitive data or possibly cause a denial-of-service by writing malformed data to certain gRPC endpoints. This flaw has been...
CVE-2025-14038
EDB Hybrid Manager is affected by an unauthenticated-access flaw that allows direct access to certain gRPC endpoints due to a misconfiguration in the Istio Gateway, bypassing authentication and authorization. This can lead to potential data disclosure or denial-of-service by sending malformed dat...
PT-2025-51263
Name of the Vulnerable Software and Affected Versions: EDB Hybrid Manager versions prior to 1.3.3; EDB Hybrid Manager - Innovation versions prior to 2025.12; EDB Hybrid Manager - LTS versions prior to 1.3.3. Description: EDB Hybrid Manager has a flaw that allows an unauthenticated attacker to access...
PT-2024-30480 · Unknown · Formfacade
Name of the Vulnerable Software and Affected Versions: FormFacade versions 1.3.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This affects the FormFacade, enabling...
PT-2023-28994 · Arduino · Arduino Create Agent
Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: This issue affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhos...
PT-2023-3262 · Kubernetes · Secrets-Store-Csi-Driver
Name of the Vulnerable Software and Affected Versions: secrets-store-csi-driver versions prior to 1.3.3 Description: The issue is related to insufficient protection of registration data in the secrets-store-csi-driver component of Kubernetes. This can allow an attacker to gain unauthorized access...
PT-2016-5899 · Kde +2 · Libksba +2
Name of the Vulnerable Software and Affected Versions: Libksba versions prior to 1.3.3 Description: The issue arises from improper handling of decoder stack overflows in the ber-decoder.c file, allowing remote attackers to cause a denial of service (abort) by sending crafted BER data...
PT-2016-5902 · Kde +2 · Libksba +2
Name of the Vulnerable Software and Affected Versions: Libksba versions prior to 1.3.3 Description: The issue allows remote attackers to cause a denial of service, specifically an out-of-bounds read, by manipulating the high bit of the byte after invalid UTF-8 encoded data in the append utf8 valu...
PT-2016-5900 · Kde +2 · Libksba +2
Name of the Vulnerable Software and Affected Versions: Libksba versions prior to 1.3.3 Description: The issue is caused by an incorrect integer data type used in the ber-decoder.c file, which allows remote attackers to cause a denial of service (crash) via crafted BER data. This leads to a buffer...