Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

315 matches found

NVD
NVDadded 2026/04/02 5:16 a.m.4 views

CVE-2026-5321

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00162EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/02 4:45 a.m.2 views

CVE-2026-5321

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/04/02 4:45 a.m.8 views

CVE-2026-5321

CVE-2026-5321 affects vanna-ai up to 2.0.2, involving the FastAPI/Flask Server component. The issue allows remote manipulation that can trigger a permissive cross-domain policy with untrusted domains. An exploit has been published and may be used. The vendor was contacted but did not respond. No ...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/02 4:45 a.m.32 views

CVE-2026-5321 vanna-ai vanna FastAPI/Flask Server cross-domain policy

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/04/02 12:0 a.m.3 views

PT-2026-29680

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References5
Packet Storm News
Packet Storm Newsadded 2026/03/28 12:0 a.m.5 views

Context-Aware Phishing Email Detection Using Machine Learning and NLP

Phishing attacks remain among the most prevalent cybersecurity threats, causing significant financial losses for individuals and organizations worldwide. This paper presents a machine learning-based phishing email detection system that analyzes email body content using natural language processing...

5.9AI score
Exploits0
EUVD
EUVDadded 2026/03/27 3:30 p.m.3 views

EUVD-2026-16640

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19 in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcastrouter.py, in function streamaudio. The stream-aud...

7.5CVSS6AI score0.00558EPSS
Exploits1References2
NVD
NVDadded 2026/03/27 3:16 p.m.8 views

CVE-2026-29871

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19 in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcastrouter.py, in function streamaudio. The stream-aud...

7.5CVSS0.00558EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/03/27 12:0 a.m.4 views

CVE-2026-29871

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19 in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcastrouter.py, in function streamaudio. The stream-aud...

6AI score0.00558EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/27 12:0 a.m.3 views

CVE-2026-29871

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19 in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcastrouter.py, in function streamaudio. The stream-aud...

6AI score0.00558EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2026/03/21 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-27953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any...

9.8CVSS5.9AI score0.01192EPSS
Exploits1References3
EUVD
EUVDadded 2026/03/20 9:31 p.m.5 views

EUVD-2026-13806

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function moduleplugin.refreshplugins of the file packages/dbgpt-serve/src/dbgptserve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible ...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/20 8:2 p.m.3 views

CVE-2026-4505 eosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted upload

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function moduleplugin.refreshplugins of the file packages/dbgpt-serve/src/dbgptserve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible ...

6.5CVSS6AI score0.00201EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/20 8:2 p.m.3 views

CVE-2026-4505

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function moduleplugin.refreshplugins of the file packages/dbgpt-serve/src/dbgptserve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible ...

6.5CVSS6AI score0.00201EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/03/20 8:2 p.m.7 views

CVE-2026-4505

This CVE affects the eosphoros-ai DB-GPT project up to version 0.7.5. The vulnerability lies in the FastAPI Endpoint component, specifically the function module_plugin.refresh_plugins in packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py, which enables unrestricted file upload. The issu...

6.5CVSS6AI score0.00201EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/03/20 8:2 p.m.23 views

CVE-2026-4505 eosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted upload

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function moduleplugin.refreshplugins of the file packages/dbgpt-serve/src/dbgptserve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible ...

6.5CVSS0.00201EPSS
Exploits0References4
Snyk
Snykadded 2026/03/19 10:46 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview ormar is an An async ORM with fastapi in mind and pydantic validation. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the model constructor when injecting the pkonly or excluded parameters when used...

9.8CVSS5.8AI score0.01192EPSS
Exploits1References2
OSV
OSVadded 2026/03/19 9:17 p.m.3 views

DEBIAN-CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

9.8CVSS5.6AI score0.01192EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2026/03/19 9:17 p.m.2 views

CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

9.8CVSS5.8AI score0.01192EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/03/19 8:23 p.m.17 views

CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

7.1CVSS0.01192EPSS
Exploits1References9
Rows per page
Query Builder