Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/06/15 10:4 a.m.8 views

CVE-2026-34027 Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload ...

5.3CVSS5.4AI score0.00305EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.14 views

EUVD-2025-32198

Malicious code in bioql PyPI...

9.4CVSS6.6AI score0.00382EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-32014

Malicious code in bioql PyPI...

6.6AI score0.00197EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/02 6:59 p.m.18 views

CVE-2025-59835 LangBot has a cross-directory file upload vulnerability, which could lead to system takeover

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the...

9.4CVSS0.00382EPSS
Exploits0References3
OSV
OSV
added 2025/10/02 6:59 p.m.10 views

CVE-2025-59835 LangBot has a cross-directory file upload vulnerability, which could lead to system takeover

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the...

9.4CVSS7AI score0.00382EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.3 views

LangBot 代码问题漏洞

LangBot is a large model of LangBot open source instant messaging bot development platform. A code issue vulnerability exists in LangBot versions 4.1.0 through 4.3.5, which stems from the /api/v1/files/documents interface not strictly limiting the server file storage directory, which could lead t...

9.4CVSS7AI score0.00382EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/01 12:0 a.m.3 views

CVE-2025-59686

Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id...

6.5AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.4 views

PT-2025-40252

Name of the Vulnerable Software and Affected Versions Kazaar version 1.25.12 Description The software allows calls to /api/v1/org-id/orders/order-id/documents with a modified order-id. This could potentially lead to unauthorized access or manipulation of data. Recommendations Apply any available...

6.5AI score0.00197EPSS
Exploits0References5
PyPA
PyPA
added 2019/08/27 3:15 p.m.7 views

PYSEC-2019-174

Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/...

8.8CVSS7.1AI score0.01149EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder