20393 matches found
CVE-2026-33528
GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Joincommon.ConfigBasePath, filename where ConfigBasePath =...
Prototype Pollution
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution via the GSuiteAdmin node parameter. An attacker with permissions to create or modify workflows can execute arbitrary code by supplying crafted parameters that pollute...
EUVD-2026-16181
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.10, SICORE Base system All versions V26.10.0. The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated...
CVE-2026-27664
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.10, SICORE Base system All versions V26.10.0. The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated...
CVE-2026-4513
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...
CVE-2026-33060
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...
CVE-2026-4746
Out-of-bounds Write vulnerability in timeplus-io proton base/poco/Foundation/src modules. This vulnerability is associated with program files inflate.C. This issue affects proton: before 1.6.16...
CVE-2026-27664
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.10, SICORE Base system All versions V26.10.0. The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated...
CVE-2026-27664
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.10, SICORE Base system All versions V26.10.0. The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated...
CVE-2026-27664
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.10, SICORE Base system All versions V26.10.0. The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated...
CVE-2026-27663
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.10, RTUM85 RTU Base All versions V26.10. The affected application contains denial-of-service DoS vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjecte...
CVE-2026-27663
The CVE-2026-27663 entry concerns CPCI85 Central Processing/Communication and RTUM85 RTU Base (all versions
CVE-2026-33183
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments e.g. ../traversal or ../../etc/passwd resulted in a pat...
CVE-2026-33183
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments e.g. ../traversal or ../../etc/passwd resulted in a pat...
CVE-2026-33183 Saloon has a Fixture Name Path Traversal Vulnerability
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments e.g. ../traversal or ../../etc/passwd resulted in a pat...
CVE-2026-33182
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...
CVE-2026-33182 Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...
CVE-2026-33182 Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...
PT-2026-28385
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description Open WebUI is an artificial intelligence platform designed for offline operation. A missing access control check when deleting files from a knowledge base allows a user with write access to a...
PT-2026-28356
Name of the Vulnerable Software and Affected Versions CPCI85 Central Processing/Communication versions prior to 26.10 RTUM85 RTU Base versions prior to 26.10 Description The affected application contains a denial-of-service DoS issue. The remote operation mode is susceptible to resource exhaustio...