Lucene search
K

86 matches found

CVE
CVE
added 4 hours ago10 views

CVE-2026-15628

The CVE-2026-15628 affects zhayujie chatgpt-on-wechat CowAgent ≤ 2.1.1, specifically the Vision Tool’s Vision._download_to_data_url function. A manipulation of the image argument enables server-side request forgery, allowing remote initiation of attacks. Exploitation is supported by public disclo...

6.5CVSS6.3AI score
Exploits0References8
NVD
NVD
added 4 days ago5 views

CVE-2026-40007

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

7.5CVSS0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 11:13 a.m.7 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 9:31 a.m.6 views

EUVD-2026-39331

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

6.4CVSS5.8AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:7 a.m.7 views

BIT-NIFI-2026-44913 Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL

Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection options, but did not...

7.2CVSS5.9AI score0.00385EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 2:23 p.m.8 views

CVE-2026-5038 multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe call does not propagate the stream destroy signal to the...

5.3CVSS5.4AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 7:32 a.m.41 views

CVE-2026-25688 Apache Answer: XSS in AI Answer Rendering

Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are...

0.00406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5998

A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This manipulation of the argument filename causes path traversal. The attack can be initiated remotely. Th...

6.9CVSS5.4AI score0.00632EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/28 12:38 p.m.11 views

Relative Path Traversal

Overview org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Relative Path Traversal via t...

8.5CVSS5.9AI score0.00526EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.21 views

Unity Linux 20.1070e Security Update: datanucleus-core (UTSA-2026-016737)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016737 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

10CVSS7.3AI score0.99999EPSS
Exploits352References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: xmlgraphics-commons (UTSA-2026-016739)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016739 advisory. Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a...

8.2CVSS5.9AI score0.0665EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in python-urllib3

urllib3 is a HTTP client library for Python. The streaming API of urllib3 is designed for efficiently handling large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS6.7AI score0.02667EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 3:31 a.m.6 views

GHSA-FXVJ-WQV2-XGCQ AMF Improperly Restricts Operations within the Bounds of a Memory Buffer

A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS5.4AI score0.00303EPSS
Exploits0References8
NVD
NVD
added 2026/05/18 2:16 a.m.23 views

CVE-2026-8779

A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS0.00303EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/18 1:45 a.m.10 views

CVE-2026-8781

A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and ma...

5.3CVSS5.5AI score0.00303EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:45 a.m.10 views

CVE-2026-8274

A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Affected is the function dodirectory of the file cramfsck.c of the component Directory Handler. Such manipulation leads to path traversal. The attack can only be performed from a local environment. The exploit has been...

5.3CVSS5.6AI score0.00173EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2026/05/01 11:26 a.m.7 views

Deserialization of Untrusted Data

Overview org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the IoBuffer.getObject function. An attacker...

9.8CVSS7.4AI score0.00657EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/01 12:45 a.m.3 views

CVE-2026-7519 Fujian Apex LiveBOS Endpoint UploadImage.do path traversal

A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...

7.5CVSS6.6AI score0.00418EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/01 12:45 a.m.7 views

EUVD-2026-26467

A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...

7.5CVSS5.1AI score0.00418EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/14 11:41 p.m.4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the VerifyTimestampResponse function when a forged certificate is prepended to the certificate bag. An attacker can bypass authorization checks by supplying a payload where the signature is validated...

6.7CVSS5.3AI score0.00099EPSS
Exploits0References2
Rows per page
Query Builder