Lucene search
K

4 matches found

CVE
CVE
added 2026/03/31 10:10 a.m.19 views

CVE-2026-4399

The CVE-2026-4399 entry describes a prompt injection vulnerability in the 1millionbot Millie chatbot. The issue arises when a user bypasses chat restrictions via Boolean prompt injection, causing the model to execute an injected instruction after an affirmative ('true') response. Consequences sta...

8.7CVSS6AI score0.00265EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/08/12 8:52 p.m.25 views

CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...

8.2CVSS0.00177EPSS
Exploits0References3
Snyk
Snyk
added 2025/07/09 3:29 p.m.1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the charms HTTP API endpoint when handling uploaded ZIP files. An attacker can overwrite arbitrary files on the server by uploading a specially crafted ZIP archive containing directory traversal sequences,...

8.8CVSS7.7AI score0.00647EPSS
Exploits1References2
OSV
OSV
added 2023/09/19 5:32 a.m.7 views

MAL-2023-8167 Malicious code in @spgy/eslint-plugin-spgy-fe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f153ed03ad775543b9a2c5ba45f744fdb6dc3bdd3de7734a273488881a1353a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder