21406 matches found
CVE-2026-7036 Tenda i9 HTTP R7WebsSecurityHandlerfunction path traversal
A vulnerability was identified in Tenda i9 1.0.0.52204. This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...
CVE-2026-7036 Tenda i9 HTTP R7WebsSecurityHandlerfunction path traversal
A vulnerability was identified in Tenda i9 1.0.0.52204. This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...
NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
...
PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup
...
Ollama is Vulnerable to Path Traversal
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...
GHSA-X99G-8V8J-25J2 Ollama is Vulnerable to Path Traversal
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...
CVE-2026-7022
CVE-2026-7022 affects SmythOS sre up to 0.0.15. The vulnerability lies in the HTTP Header Handler’s AgentRuntime function (packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts), where manipulation of the arguments X-DEBUG-RUN/X-DEBUG-INJ enables improper authentication. The issue allow...
CVE-2026-7022 SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication
A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...
CVE-2026-7020 Ollama Tensor Model Transfer transfer.go digestToPath path traversal
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...
CVE-2026-7020 Ollama Tensor Model Transfer transfer.go digestToPath path traversal
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...
EUVD-2026-25695
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...
CVE-2026-7018
A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...
EUVD-2026-25693
A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...
PT-2026-35221
A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...
PT-2026-35223
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
VulnCheck KEV: CVE-2023-3793
A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...
SSH MCP Server 安全漏洞
SSH MCP Server is a tool developed by Tufan Tunç for remotely executing Shell commands via SSH. Versions of SSH MCP Server 1.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the improper credential protection in the Command Line Handler component’s src/index.ts...
PT-2026-35219
A vulnerability was identified in Tenda i9 1.0.0.52204. This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...
PT-2026-35241
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler SEH overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log...
Tenda i9 路径遍历漏洞
The Tenda i9 is a wireless access point from the Chinese company Tenda, designed to be installed on ceilings. The version Tenda i9 1.0.0.52204 contains a path traversal vulnerability. This vulnerability stems from improper handling of the R7WebsSecurityHandlerfunction function in the HTTP Handler...