Lucene search
+L

624 matches found

OSV
OSV
added 2026/05/08 4:27 p.m.34 views

GHSA-45C6-75P6-83CC fast-xml-builder Comment Value regex can be bypassed

Summary The fix for https://github.com/advisories/GHSA-gh4j-gqv2-49f6 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and inject...

6.1CVSS6AI score0.00194EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

PraisonAI 路径遍历漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.37 contained a path traversal vulnerability. This vulnerability stemmed from the safeextractall helper function not verifying the linkname of members and not rejecting...

8.7CVSS5.9AI score0.00433EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/05 7:13 p.m.8 views

AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Authenticated Users' Profile Photos with Arbitrary Content

Summary objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the decoded bytes to videos/userPhoto/photo.png. Its only access control is User::isLogged. It does not end in .json.php, so it is excluded from the project's global autoCSRFGuard...

5.4CVSS6.1AI score0.00121EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/05 12:16 p.m.13 views

CVE-2026-43526

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

9.3CVSS0.00251EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/05 11:24 a.m.6 views

EUVD-2026-27263

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

8.3CVSS5.9AI score0.00251EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.42 views

CVE-2026-43526 OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

8.3CVSS0.00251EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:24 a.m.3 views

CVE-2026-43526

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

8.3CVSS5.9AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.12 views

PT-2026-37012

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.12 Description An issue exists in the QQBot reply media URL handling that allows server-side request forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. Attackers can...

8.3CVSS5.9AI score0.00251EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.10 views

PT-2026-32019

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 Description Chamilo LMS is a learning management system. Authenticated users, including students, can write arbitrary content to files on the server through the BigUpload endpoint. The key parameter contro...

7.1CVSS6AI score0.0042EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/04 4:59 a.m.5 views

CVE-2026-28373

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...

9.6CVSS6AI score0.00421EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/30 7:18 p.m.11 views

EUVD-2026-16756

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin...

8.7CVSS6AI score0.00318EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/28 11:10 p.m.5 views

CVE-2026-34386

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS6AI score0.00318EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.7 views

SUSE CVE-2026-33221

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...

5.3CVSS5.8AI score0.00173EPSS
Exploits0References3
CVE
CVE
added 2026/02/20 3:46 p.m.13 views

CVE-2025-69385

CVE-2025-69385 : Missing Authorization vulnerability in Cartify (WordPress Theme) allows exploitation of misconfigured access control. Affected: Cartify – WooCommerce Gutenberg WordPress Theme, versions n/a through 1.3. Public details in connected sources describe an Arbitrary Content Deletion im...

6.5CVSS5.5AI score0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.4 views

CVE-2025-67994 WordPress YayCurrency plugin <= 3.3 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through = 3.3...

7.5CVSS5.3AI score0.00323EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.13 views

CVE-2025-67994

CVE-2025-67994 is a confirmed Missing Authorization vulnerability in the WordPress plugin YayCurrency (YayCommerce YayCurrency) affecting YayCurrency versions up to and including 3.3, allowing unauthorized content deletion. Red Hat/NVD/NVD-derived and CVE databases reference the same issue; Wordf...

7.5CVSS5.5AI score0.00323EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/09 7:49 a.m.10 views

WordPress YayCurrency plugin <= 3.3 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin YayCurrency versions = 3.3...

7.5CVSS5.5AI score0.00323EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/09 7:48 a.m.7 views

WordPress Cartify - WooCommerce Gutenberg WordPress Theme theme <= 1.3 - Arbitrary Content Deletion vulnerability

WordPress Cartify - WooCommerce Gutenberg WordPress Theme theme = 1.3 - Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Theme Cartify - WooCommerce Gutenberg WordPress Theme versions = 1.3...

6.5CVSS5.4AI score0.00279EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/02/03 10:1 p.m.26 views

CVE-2020-37073

Victor CMS 1.0 has an authenticated file-upload flaw in the user_image parameter. The vulnerability allows an administrator to upload arbitrary PHP files (a PHP shell) to the /img/ directory, enabling command execution when the uploaded file is accessed with a cmd parameter. The issue is describe...

8.8CVSS5.8AI score0.00471EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.12 views

PT-2026-6425

Summary A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution RCE. By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...

9.9CVSS6.6AI score0.00805EPSS
Exploits1References5
Rows per page
Query Builder