CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

246 matches found

CVE-2026-10212 AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS0.00036EPSS

Exploits0References5

CVE•added 5 days ago•15 views

CVE-2026-10211

CVE-2026-10211 affects AstrBotDevs AstrBot 4.23.6. The vulnerability is in the function _normalize_rw_path of astrbot/core/tools/computer_tools/fs.py, leading to incorrect authorization. It can be exploited remotely, and the exploit has been publicly disclosed. The vendor was contacted early abou...

6.5CVSS6.3AI score0.00036EPSS

Exploits0References5

CNNVD•added 2026/05/27 12:0 a.m.•6 views

Dolibarr ERP/CRM 安全漏洞

Dolibarr ERP/CRM is a web-based enterprise resource planning ERP and customer relationship management CRM system developed by the Dolibarr Foundation in France. This system can be used to manage products, inventory, invoices, orders, etc. Versions of Dolibarr ERP/CRM from 22.0.0 to 22.0.4, as wel...

7.3CVSS6.1AI score0.00328EPSS

Exploits0References2

ATTACKERKB•added 2026/05/27 12:0 a.m.•5 views

CVE-2026-37711

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actionsaddupdatedelete.inc.php...

6.2AI score0.00328EPSS

Exploits0References3

CNNVD•added 2026/05/01 12:0 a.m.•6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from targetcorefile not initializing the kiwritestream field of aiocmd-iocb, which could result in a write comman...

7.5CVSS5.8AI score0.00054EPSS

Exploits0References1

OSV•added 2026/04/30 12:13 a.m.•6 views

OSV-2026-653 Heap-buffer-overflow in generic_unpack

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=507413960 Crash type: Heap-buffer-overflow READ 2 Crash state: genericunpack exrdecodingrun Imf40::checkCoreFile...

5.8AI score

Exploits0References1

Cvelist•added 2026/04/20 2:30 a.m.•31 views

CVE-2026-6597 langflow-ai langflow Flow Using API core.py has_api_terms credentials storage

A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function removeapikeys/hasapiterms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...

5.1CVSS0.00011EPSS

Exploits0References4

CNNVD•added 2026/04/20 12:0 a.m.•6 views

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function removeapikeys/hasapiterms found in...

5.1CVSS5.7AI score0.00011EPSS

Exploits0References1

Cvelist•added 2026/04/09 10:59 p.m.•16 views

CVE-2026-34424 Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...

9.8CVSS0.00346EPSS

Exploits0References5

NVD•added 2026/03/20 10:16 p.m.•2 views

CVE-2026-4507

A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function askdb of the file mindsql/core/mindsqlcore.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

6.5CVSS0.00039EPSS

Exploits0References4

Positive Technologies•added 2026/03/20 12:0 a.m.•4 views

PT-2026-26684

A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask db of the file mindsql/core/mindsql core.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was...

6.5CVSS6.3AI score0.00061EPSS

Exploits0References6

Vulnrichment•added 2026/02/06 11:14 p.m.•3 views

CVE-2020-37155 Core FTP Lite 1.3 - Denial of Service (PoC)

Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requiring additional...

7.5CVSS5.9AI score0.00014EPSS

Exploits0References3

EUVD•added 2025/12/26 2:2 a.m.•1 views

EUVD-2025-205412

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...

5.1CVSS5.1AI score0.00008EPSS

Exploits0References5

CNNVD•added 2025/12/26 12:0 a.m.•1 views

httpbin 代码注入漏洞

httpbin is an open source HTTP request and response service from Postman Inc. A code injection vulnerability exists in httpbin version 0.6.1 and earlier, which stems from a flaw in the file httpbin-master/httpbin/core.py and could lead to a cross-site scripting attack...

5.1CVSS4.7AI score0.00008EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-27029

Malware in sbrugna...

7.5CVSS7.5AI score0.00647EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-17308

Malware in sbrugna...

7.5CVSS7.6AI score0.00749EPSS

Exploits0References3