Lucene search
K

585 matches found

Cvelist
Cvelist
added 2026/03/17 3:32 a.m.34 views

CVE-2026-4307 frdel/agent0ai agent-zero files.py get_abs_path path traversal

A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function getabspath of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...

5.3CVSS0.00357EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/16 6:32 a.m.3 views

CVE-2026-4222

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit...

5.1CVSS5.4AI score0.00438EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/16 6:32 a.m.5 views

CVE-2026-4221

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...

7.5CVSS5.4AI score0.00284EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25621

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit...

5.1CVSS5.4AI score0.00438EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/15 5:32 a.m.4 views

CVE-2026-4166

A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and coul...

5.1CVSS4.1AI score0.00203EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/03/12 4:2 p.m.15 views

CVE-2026-4045

CVE-2026-4045 affects projectsend up to r1945, specifically an issue in includes/Classes/Auth.php where manipulating the ldap_email argument can cause observable response discrepancy. attack can be executed remotely with high complexity and is reported as a low-severity (CVSS ~3.7) issue, with ex...

6.3CVSS5.2AI score0.00289EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.5 views

CVE-2026-3682

A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicl...

6.5CVSS5.5AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/08 12:31 a.m.6 views

EUVD-2026-10198

A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit i...

6.5CVSS5.5AI score0.00206EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/07 11:32 p.m.3 views

CVE-2026-3682 welovemedia FFmate ffmpeg.go Execute argument injection

A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicl...

6.5CVSS6.2AI score0.00232EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/07 11:32 p.m.48 views

CVE-2026-3682 welovemedia FFmate ffmpeg.go Execute argument injection

A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicl...

6.5CVSS0.00232EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/07 9:33 p.m.6 views

EUVD-2026-10187

A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was...

5.3CVSS5.5AI score0.00105EPSS
Exploits0References5
NVD
NVD
added 2026/03/07 4:15 p.m.4 views

CVE-2026-3668

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high...

3.1CVSS0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/07 1:32 p.m.37 views

CVE-2026-3661 Wavlink WL-NU516U1 adm.cgi ota_new_upgrade command injection

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

5.8CVSS0.10863EPSS
Exploits1References4
CVE
CVE
added 2026/03/06 12:32 a.m.27 views

CVE-2026-3612

The vulnerability CVE-2026-3612 affects Wavlink WL-NU516U1 (firmware v240425) in the OTA Online Upgrade feature. It targets the function sub_405AF4 in /cgi-bin/adm.cgi by manipulating the firmware_url argument, resulting in a command injection. This can be triggered remotely, and the exploit has ...

8.6CVSS5.7AI score0.1127EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/04 1:44 p.m.7 views

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

6.3CVSS5.3AI score0.00184EPSS
Exploits1References1
OSV
OSV
added 2026/03/02 6:16 a.m.5 views

CVE-2025-15597 Dataease SQLBot API Endpoint assistant.py access control

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been...

5.3CVSS5.8AI score0.0055EPSS
Exploits1References19
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.4 views

CVE-2025-11252

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not...

9.8CVSS5.9AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 12:31 a.m.4 views

GHSA-429M-9874-RX9W PSI Probe vulnerable to Server-Side Request Forgery

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit h...

6.3CVSS5.4AI score0.00362EPSS
Exploits1References6
NVD
NVD
added 2026/02/26 11:16 p.m.8 views

CVE-2026-3268

A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttributeController.java of the component Session Attribute Handler. Performing a manipulation results in...

5.5CVSS0.00226EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/25 10:16 a.m.8 views

CVE-2025-15589

A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...

7.2CVSS5.2AI score0.00676EPSS
Exploits1References1
Rows per page
Query Builder