6 matches found

NVD
added 2026/05/27 3:16 p.m. · 9 views

CVE-2026-47118

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

CVSS 7.1 · EPSS 0.00053 · Exploits 0 · References 3
CNNVD
added 2026/05/27 12:0 a.m. · 5 views

Agent Zero Cross-Site Scripting Vulnerability

Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Versions of Agent Zero prior to 1.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of security headers when SVG files were provided through the imageget endpoint, which could le...

CVSS 6.1 · AI score 5.6 · EPSS 0.00031 · Exploits 0 · References 3
CNNVD
added 2023/01/11 12:0 a.m. · 1 views

Zyxel NR7101 Security Vulnerability

The Zyxel NR7101 is a router from Hopkins Zyxel. A security vulnerability exists in versions prior to Zyxel NR7101 V1.15ACCC.3C0, which stems from a buffer overflow vulnerability in the CGI program parameters that allows an authenticated attacker to cause a denial of service (DoS) by sending a...

CVSS 6.5 · AI score 6.8 · EPSS 0.01418 · Exploits 0 · References 2
CNNVD
added 2023/01/11 12:0 a.m. · 1 views

Zyxel NR7101 Operating System Command Injection Vulnerability

The Zyxel NR7101 is a router from Hopkins Zyxel. The operating system command injection vulnerability in the Zyxel NR7101 firmware prior to v1.15 ACCC.3 C0 stems from a vulnerability in its CGI program that allows an authenticated attacker to achieve command injection leading to the execution of...

CVSS 8.8 · AI score 8.3 · EPSS 0.02503 · Exploits 0 · References 2
Positive Technologies
added 2022/08/31 12:0 a.m. · 2 views

PT-2022-4605 · Apache · Apache Geode

Name of the Vulnerable Software and Affected Versions: Apache Geode versions prior to 1.15.0

Description: The issue is related to the restoration of untrusted data in memory through the REST API interface of the Apache Geode data management platform. This can allow a remote attacker to execute...

CVSS 10 · AI score 6.7 · EPSS 0.00462 · Exploits 0 · References 8
ATTACKERKB
added 2022/02/15 5:15 p.m. · 3 views

CVE-2022-25194

A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...

CVSS 8.8 · AI score 7.2 · EPSS 0.00055 · Exploits 0 · References 2