Lucene search
K

9 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/02 2:26 a.m.11 views

CVE-2026-57278

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.0028EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/30 5:16 p.m.10 views

CVE-2026-58170

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS0.00416EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

WWBN AVideo 代码注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained a code injection vulnerability. This vulnerability stemmed from the WebSocket server in the YPTSocket plugin, which forwarded JSON messages provided by attackers...

10CVSS6.1AI score0.00645EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.6 views

CVE-2026-25632

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field...

10CVSS5.6AI score0.00657EPSS
Exploits0References1
CVE
CVE
added 2026/02/06 8:24 p.m.20 views

CVE-2026-25632

EPyT-Flow (Python) prior to version 0.16.1 is affected by a deserialization vulnerability in its REST API. The issue stems from a custom deserializer (my_load_from_json) that honors a type field, allowing attacker-supplied module/class imports and instantiation during JSON parsing, which can trig...

10CVSS5.7AI score0.00657EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-7326

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00615EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7394

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00615EPSS
Exploits1References4
Ubuntu
Ubuntu
added 2025/07/21 12:5 p.m.10 views

USN-7657-1: jq vulnerabilities

It was discovered that jq incorrectly handled certain values when parsing JSON data. A remote attacker could possibly use this issue to cause jq to crash, resulting in a denial of service. CVE-2024-23337 It was discovered that jq incorrectly handled NaN values when parsing JSON data. A remote...

8.7CVSS7AI score0.00446EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2022/11/03 12:0 a.m.7 views

CVE-2022-41714 fastest-json-copy 1.0.1 - Prototype Pollution

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...

5.3AI score0.00615EPSS
Exploits1References2
Rows per page
Query Builder