CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58 matches found

CVE-2026-47214 Docling: Unsafe URI and Path Handling in HTML Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS0.00041EPSS

Exploits0References2

EUVD•added 5 days ago•6 views

EUVD-2026-38372

Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...

6.9CVSS5.9AI score0.00322EPSS

Exploits0References2

EUVD•added 2026/05/19 12:46 a.m.•14 views

EUVD-2026-30817

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

7.6CVSS6AI score0.0023EPSS

Exploits0References2

OSV•added 2026/05/11 2:4 p.m.•6 views

GHSA-JXWR-G6R6-J3FX Open WebUI's Insecure Message Access Breaks Authorization

Description There's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability exists in the message update and delete endpoints, which implement channel-level authorization but...

7.1CVSS5.8AI score0.00266EPSS

Exploits1References3

Github Security Blog•added 2026/04/30 8:55 p.m.•13 views

Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)

Summary Four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full Compose YAML and .env content of every custom template stored in the instance. Because Arcane's UI expose...

8.7CVSS5.5AI score0.00309EPSS

Exploits0References4Affected Software1

CNNVD•added 2026/04/20 12:0 a.m.•8 views

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function removeapikeys/hasapiterms found in...

5.1CVSS5.7AI score0.0032EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:33 p.m.•8 views

CVE-2023-31860

Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system...

5.4CVSS6AI score0.00384EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2021-1091

Malware in sbrugna...

7.5CVSS7.4AI score0.00998EPSS

Exploits0References8

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-35723