Lucene search
+L

1132 matches found

NVD
NVD
added 2026/07/05 11:16 a.m.11 views

CVE-2026-14737

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...

7.5CVSS0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/05 10:0 a.m.42 views

CVE-2026-14737 Hanwang e-Face General Management Platform querySysAuthStr.do sql injection

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...

7.5CVSS0.00259EPSS
Exploits0References5
CVE
CVE
added 2026/07/05 10:0 a.m.24 views

CVE-2026-14737

Hanwang e-Face General Management Platform 6.3.5.4 is affected. The vulnerability resides in the function handling /sysAuthStr/querySysAuthStr.do, where manipulation of the argument order leads to SQL injection. The issue can be triggered remotely, and public exploitation code is available. Explo...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/05 10:0 a.m.7 views

EUVD-2026-41745

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/05 10:0 a.m.8 views

CVE-2026-14737

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.17 views

PT-2026-55785

Name of the Vulnerable Software and Affected Versions Hanwang e-Face General Management Platform version 6.3.5.4 Description A SQL injection issue exists in the /sysAuthStr/querySysAuthStr.do endpoint. This occurs when the manipulation of the argument order allows a remote attacker to execute...

7.5CVSS7.3AI score0.00259EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/30 12:54 p.m.7 views

EUVD-2026-40311

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 12:54 p.m.6 views

CVE-2026-58116

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References3
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-345 Gradio allows users to access arbitrary files

Impact This vulnerability allows users of Gradio applications that have a public link such as on Hugging Face Spaces to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server. Patches Yes, the...

9.2CVSS7AI score0.85393EPSS
Exploits2References7
NVD
NVD
added 2026/06/29 9:16 a.m.14 views

CVE-2026-13547

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The...

7.5CVSS0.00278EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 7:30 a.m.37 views

CVE-2026-13547 Hanwang e-Face General Management Platform upload.do unrestricted upload

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The...

7.5CVSS0.00278EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:30 a.m.7 views

CVE-2026-13547

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The...

7.5CVSS5.5AI score0.00278EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/29 7:30 a.m.29 views

CVE-2026-13547

Vulnerability: CVE-2026-13547 affects Hanwang e-Face General Management Platform 6.3.5.4. The issue arises in processing the file parameter during /manage/resourceUpload/upload.do, where manipulation of the File argument can lead to unrestricted file upload. This can be exploited remotely, and pu...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 7:30 a.m.10 views

EUVD-2026-40047

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53229

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 6:18 p.m.13 views

CVE-2026-54316

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

9.1CVSS0.00403EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/06/20 9:30 a.m.18 views

Hackers Claim to Leak Stolen Madison Square Garden Data

Plus: Gay bars in San Francisco using face scanners, France quits Palantir, Apple plans to change its private email, and more...

5.8AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/06/15 9:0 a.m.21 views

Meta Tapped a Pentagon Supplier to Prototype Face Recognition for Its Glasses

Rank One, whose board includes a former CIA deputy director and a former FBI science chief, supplied face recognition to Meta for internal development of its smart glasses app...

5.3AI score
Exploits0
Snyk
Snyk
added 2026/06/10 5:11 p.m.10 views

Use of Incorrectly-Resolved Name or Reference

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference through several model loading paths. An attacker can make the server load a different Hugging Face...

6.5CVSS5.5AI score0.00146EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2026/06/10 2:0 p.m.16 views

Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US

The ACLU is suing two Florida police departments over the arrest of a Fort Myers man in a child-abduction case, saying officers treated a flawed face-recognition match as a near-certain ID...

5.5AI score
Exploits0
Rows per page
Query Builder