CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

50 matches found

CVE-2026-41552

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

9.2CVSS5.5AI score0.00042EPSS

Exploits0References1

Vulnrichment•added 2026/05/16 5:0 a.m.•5 views

CVE-2026-8657

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch and jsondiffpatch/formatters/jsonpatch.patch APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property...

8.8CVSS5.8AI score0.00066EPSS

Exploits0References7

Positive Technologies•added 2026/05/16 12:0 a.m.•8 views

PT-2026-41422

Name of the Vulnerable Software and Affected Versions jsondiffpatch versions prior to 0.7.6 Description Prototype Pollution occurs when attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like proto or...

8.8CVSS5.8AI score0.00066EPSS

Exploits0References12

CNNVD•added 2026/05/16 12:0 a.m.•6 views

jsondiffpatch 跨站脚本漏洞

jsondiffpatch is a software developed by Benjamín Eidelman, designed for differentiating and patching JavaScript object functions. Versions of jsondiffpatch prior to 0.7.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of JSON values and property...

6.1CVSS5.6AI score0.00031EPSS

Exploits0References2

NVD•added 2026/05/15 1:16 p.m.•9 views

CVE-2026-41553

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed...

10CVSS0.00335EPSS

Exploits0References2

NVD•added 2026/05/15 1:16 p.m.•7 views

CVE-2026-41552

9.2CVSS0.00042EPSS

Exploits0References2

ATTACKERKB•added 2026/05/15 12:31 p.m.•6 views

CVE-2026-41553

10CVSS6AI score0.00335EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/15 12:31 p.m.•10 views

CVE-2026-41553 Remote Code Execution in PDF Export Module

10CVSS6AI score0.00335EPSS

Exploits0References2

Cvelist•added 2026/05/15 12:31 p.m.•33 views

CVE-2026-41553 Remote Code Execution in PDF Export Module

10CVSS0.00335EPSS

Exploits0References2

Vulnrichment•added 2026/05/15 12:31 p.m.•6 views

CVE-2026-41552 Path Traversal in PDF Export Module

9.2CVSS5.8AI score0.00042EPSS

Exploits0References2

CVE•added 2026/05/15 12:31 p.m.•11 views

CVE-2026-41552

PDF Export Module used in DHTMLX’s Gantt and Scheduler is vulnerable to path traversal due to insufficient HTML sanitization. An unauthenticated user could craft a payload that references local server files and renders them in the generated PDF. The issue is fixed in PDF Export Module version 0.7...

9.2CVSS5.8AI score0.00042EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/15 12:31 p.m.•8 views

EUVD-2026-30538

9.2CVSS5.8AI score0.00153EPSS

Exploits0References2

Cvelist•added 2026/05/15 12:31 p.m.•35 views

CVE-2026-41552 Path Traversal in PDF Export Module

9.2CVSS0.00042EPSS

Exploits0References2

Positive Technologies•added 2026/05/15 12:0 a.m.•6 views

PT-2026-41295

9.2CVSS5.8AI score0.00042EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:2 p.m.•1 views

CVE-2026-32231

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields sender, chatid from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled authtoken: None, an...

8.2CVSS6AI score0.00049EPSS

Exploits1References1

NVD•added 2026/03/12 7:16 p.m.•1 views

CVE-2026-32232

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...

9.8CVSS0.00114EPSS

Exploits1References2

CVE•added 2026/03/12 6:24 p.m.•12 views

CVE-2026-32232

CVE-2026-32232 affects ZeptoClaw (pre-0.7.6). The vulnerability combines Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass, allowing workspace boundary bypass during path validation and subsequent I/O. The issue is fixed in 0.7.6. Affected behavior in...

9.8CVSS5.8AI score0.00114EPSS

Exploits1References2Affected Software1

OSV•added 2026/03/12 6:22 p.m.•1 views

CVE-2026-32231 ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data

8.2CVSS5.9AI score0.00049EPSS

Exploits1References6

Positive Technologies•added 2026/03/12 12:0 a.m.•2 views

PT-2026-25042

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields sender, chat id from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled auth token: None, ...

8.2CVSS5.9AI score0.00049EPSS

Exploits1References8

Positive Technologies•added 2026/03/12 12:0 a.m.•1 views

PT-2026-25043

CVE-2026-32232 ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This… https://t.co/rVG7NT7AHt...

9.3CVSS5.8AI score0.00114EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by