Lucene search
+L

185 matches found

Cvelist
Cvelist
added 3 days ago39 views

CVE-2026-15750 mastergo-design mastergo-magic-mcp mcp__getComponentLink get-component-link.ts z.string server-side request forgery

A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...

7.5CVSS0.00227EPSS
Exploits0References6
NVD
NVD
added 3 days ago7 views

CVE-2026-15627

A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The...

5.3CVSS0.00246EPSS
Exploits0References7
NVD
NVD
added 2026/07/03 8:16 p.m.12 views

CVE-2026-14607

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sysgetaddrinfo of the file components/lwp/lwpsyscall.c. Executing a manipulation of the argument aiaddr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to...

6.8CVSS0.00119EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:45 p.m.7 views

CVE-2026-14607

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sysgetaddrinfo of the file components/lwp/lwpsyscall.c. Executing a manipulation of the argument aiaddr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References7
CVE
CVE
added 2026/07/03 7:45 p.m.19 views

CVE-2026-14607

CVE-2026-14607 affects RT-Thread up to 5.0.2, specifically the sys_getaddrinfo implementation in components/lwp/lwp_syscall.c. Manipulating the ai_addr argument can cause memory corruption; exploit public and local access required. A fix is being prepared in a pull request (RT-Thread/rt-thread#11...

6.8CVSS5.6AI score0.00119EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8345

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

8.8CVSS6.4AI score0.03156EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/24 10:0 a.m.13 views

CVE-2026-9372

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS6.7AI score0.00278EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/15 9:29 p.m.28 views

CVE-2026-45317

CVE-2026-45317 describes an application-wide CSRF vector in Open WebUI’s image handling prior to 0.9.3. An authenticated user can influence image URL rendering so that viewing a compromised image causes the user’s browser to issue GET requests to an attacker-controlled URL, potentially leaking co...

4.6CVSS5.8AI score0.00165EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/05/12 12:17 a.m.18 views

CVE-2026-8346

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

8.8CVSS0.03095EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/10 4:30 a.m.12 views

CVE-2026-8230

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function syslogin1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. Th...

6.5CVSS6.4AI score0.04944EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.22 views

PT-2026-39456

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. T...

6.5CVSS6.4AI score0.04944EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/07 6:30 p.m.13 views

EUVD-2026-28403

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS5.3AI score0.00215EPSS
Exploits0References5
CVE
CVE
added 2026/05/01 1:15 a.m.13 views

CVE-2026-7536

Open5GS BSF component (pcfBindings, function bsf_sess_add_by_ip_address in /nbsf-management/v1/pcfBindings) is affected up to version 2.7.7. Manipulating the ipv4Addr argument can cause a denial of service, with the attack executable remotely. The exploit has been publicly disclosed, and the Open...

6.9CVSS5.5AI score0.0038EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/01 1:15 a.m.6 views

EUVD-2026-26469

A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsfsessaddbyipaddress of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched...

6.9CVSS5.6AI score0.0038EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36290

A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf sess add by ip address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched...

6.9CVSS5.7AI score0.0038EPSS
Exploits0References6
NVD
NVD
added 2026/04/28 7:16 a.m.5 views

CVE-2026-7234

A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...

7.5CVSS0.00428EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/26 11:0 p.m.5 views

CVE-2026-7065 BidingCC BuildingAI Remote Upload API file-storage.service.ts uploadRemoteFile server-side request forgery

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to server-side request forgery...

7.5CVSS7AI score0.00294EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.12 views

PT-2026-33712

Name of the Vulnerable Software and Affected Versions modelscope agentscope versions prior to 1.0.19 Description A server-side request forgery SSRF exists in the process audio block function within the file src/agentscope/agent/ agent base.py. This issue allows a remote attacker to perform the...

7.5CVSS7AI score0.00284EPSS
Exploits0References12
NVD
NVD
added 2026/04/03 4:16 p.m.7 views

CVE-2026-5470

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

6.5CVSS0.00206EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.67 and 9.7.0-alpha.11. These vulnerabilities stemmed from a flaw where attackers could...

9.1CVSS5.8AI score0.00277EPSS
Exploits0References5
Rows per page
Query Builder