CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

68 matches found

CNNVD•added 2026/04/02 12:0 a.m.•4 views

Vanna 访问控制错误漏洞

Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of vanna 2.0.2 and earlier contained an access control vulnerability. This vulnerability stemmed from the absence of authentication in the Chat API Endpoint component, which could lead to remote attacks...

7.5CVSS7.2AI score0.00105EPSS

Exploits0References4

SUSE CVE•added 2026/03/24 12:24 a.m.•2 views

SUSE CVE-2026-32733

Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...

8.7CVSS5.9AI score0.00024EPSS

Exploits1References3

Vulnrichment•added 2026/03/20 10:40 p.m.•1 views

CVE-2026-32810 Halloy has insecure file permissions on credential files

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

4.8CVSS5.8AI score0.00005EPSS

Exploits1References2

Positive Technologies•added 2026/03/20 12:0 a.m.•2 views

PT-2026-26688

Halloy is an IRC application written in Rust. In versions on nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any loc...

4.8CVSS5.8AI score0.00005EPSS

Exploits1References4

CNNVD•added 2025/11/25 12:0 a.m.•2 views

NVIDIA NeMo Agent ToolKit 代码问题漏洞

NVIDIA NeMo Agent ToolKit is an intelligences optimization toolkit from NVIDIA, Inc. A code issue vulnerability exists in NVIDIA NeMo Agent ToolKit, which stems from a server-side request forgery in the Chat API endpoint that could lead to information disclosure and denial of service...

7.6CVSS6.3AI score0.00084EPSS

Exploits0References4

EUVD•added 2025/11/10 3:31 p.m.•3 views

EUVD-2025-44061

The sendmessage.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery CSRF. The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page tha...

6.3AI score0.00031EPSS

Exploits1References3

Positive Technologies•added 2025/11/10 12:0 a.m.•3 views

PT-2025-46161

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Public Chat Room version 1.0 Description The application lacks CSRF-protection mechanisms like tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page that, when visited by an...

6.5AI score0.00031EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2017-1249

Malware in sbrugna...

6.5CVSS6.6AI score0.00148EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-14512

Malware in sbrugna...

8.2CVSS7.8AI score0.00304EPSS

Exploits0References2