Lucene search
K

6853 matches found

OSV
OSV
added 4 days ago4 views

PYSEC-2026-914 Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks

scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS6AI score0.0122EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-41823

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

9.1CVSS5.9AI score0.01569EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

5.9AI score0.01569EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-40047 Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

0.01569EPSS
Exploits1References1
CVE
CVE
added 4 days ago13 views

CVE-2026-40047

CVE-2026-40047 concerns Apache Camel’s camel-docling: Insufficient validation of custom CLI arguments allows argument injection and path traversal in DoclingProducer. The issue arises when unvalidated values in CamelDoclingCustomArguments (or path-bearing headers) reach the external docling tool ...

9.1CVSS5.9AI score0.01569EPSS
Exploits1References2Affected Software1
NVD
NVD
added 4 days ago7 views

CVE-2026-14783

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skillview of the file tools/skillstool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS0.00333EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-55881

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Description An argument injection issue exists in the Apache Camel Docling component. The component uses java.lang.ProcessBuilder to execute the external docling command-line tool. When custom CLI...

9.1CVSS6AI score0.01569EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-14768

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-14756 code-projects Hotel and Tourism Reservation Tour Management add_tour.php sql injection

A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/addtour.php of the component Tour Management Page. The manipulation of the argument deleteimage results in sql injection. The attack may be launche...

7.5CVSS0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-14750

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Snyk
Snyk
added 5 days ago7 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
CVE
CVE
added 5 days ago17 views

CVE-2026-14736

Ruijie RG-UAC up to version 1.0-R1.8.2.p5 contains a vulnerability in an unknown function of file user_auth_commit.php. Manipulating the upload_image argument allows unrestricted file upload, enabling remote exploitation. The vulnerability is publicly disclosed and could be used by attackers. No ...

7.5CVSS6.6AI score0.00452EPSS
Exploits0References5
NVD
NVD
added 5 days ago9 views

CVE-2026-14721

A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase5g of the component Web Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack is possible to be carried o...

9CVSS0.00447EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-41736

A vulnerability was determined in AD-Security ADMiner 1.9.0. Affected is the function requesta of the file adminer/scripts/analysecache.py of the component Cache Handler. This manipulation of the argument sys.argv1 causes deserialization. The attack can only be executed locally. The pull request ...

5.3CVSS5.8AI score0.00121EPSS
Exploits0References7
NVD
NVD
added 5 days ago7 views

CVE-2026-14704

A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could ...

5.3CVSS0.00282EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-14704

A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could ...

5.3CVSS4.4AI score0.00282EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago12 views

PT-2026-55791

Name of the Vulnerable Software and Affected Versions code-projects Real State Services version 1.0 Description A remote SQL injection exists in the /addprojectrent.php file. The issue occurs when the amen variable is manipulated, allowing an attacker to execute arbitrary SQL commands on the...

7.5CVSS7.4AI score0.00269EPSS
Exploits0References9
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-41684

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shoppingcart leads to...

8.8CVSS6.6AI score0.00598EPSS
Exploits0References7
CVE
CVE
added 6 days ago17 views

CVE-2026-14635

The CVE-2026-14635 affects kirilkirkov Ecommerce-CodeIgniter-Bootstrap (vendor’s Vendor Multi-Image Endpoint). The flaw arises from path traversal when manipulating the folder argument in the AddProduct.php handler, enabling remote initiation. Public exploit available; no version specifics are pr...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References7
NVD
NVD
added last week9 views

CVE-2026-14459

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from = 1.0.4 before 1.0.5...

8.8CVSS0.00198EPSS
Exploits1References1
Rows per page
Query Builder