CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/04/20 12:0 a.m.•6 views

BichitroGan ISP Billing Software 安全漏洞

BichitroGan ISP Billing Software is an internet service provider billing and customer management system developed by BichitroGan Company in Bangladesh. The version 2025.3.20 of BichitroGan ISP Billing Software contains a security vulnerability. This vulnerability arises from improper handling of...

4.8CVSS5.6AI score0.00033EPSS

CVE•added 2026/04/20 12:0 a.m.•4 views

CVE-2026-29643

The CVE relates to XiangShan’s CSR subsystem (NewCSR) in an open‑source RISC‑V processor. The flaw is an improper exceptional‑condition handling when CSR operations target non‑existent/custom CSR addresses, which may trigger an illegal‑instruction exception but fail to reliably transfer control t...

7.1CVSS6AI score0.00006EPSS

Positive Technologies•added 2026/04/20 12:0 a.m.•3 views

PT-2026-33749

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.5CVSS6.2AI score0.00078EPSS

Positive Technologies•added 2026/04/20 12:0 a.m.•2 views

PT-2026-33743

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /? route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

4.8CVSS3.9AI score0.00033EPSS

CNNVD•added 2026/04/20 12:0 a.m.•5 views

FastChat 安全漏洞

FastChat is an open-source platform developed by LMSYS for training, deploying, and evaluating chatbots based on large language models. Versions of FastChat prior to 0.2.36 contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the addtext function in the Arena...

6.9CVSS6.1AI score0.00049EPSS

CNNVD•added 2026/04/20 12:0 a.m.•4 views

BichitroGan ISP Billing Software 安全漏洞

4.8CVSS5.6AI score0.00033EPSS

NVD•added 2026/04/19 11:16 p.m.•1 views

CVE-2026-6580

A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key . The attack may be launch...

7.5CVSS0.00054EPSS

EUVD•added 2026/04/19 9:31 p.m.•2 views

EUVD-2026-23707

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...

6.5CVSS6.3AI score0.00421EPSS

ATTACKERKB•added 2026/04/19 9:15 p.m.•1 views

CVE-2026-6578

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...

6.3CVSS5.2AI score0.00017EPSS

Exploits0References4Affected Software1

CVE•added 2026/04/19 9:15 p.m.•5 views

CVE-2026-6578

Summary: CVE-2026-6578 affects the DjangoBlog app by liangliangyy up to version 2.1.0.0. The issue is located in djangoblog/settings.py (Setting Handler) where manipulating the SECRET_KEY leads to hard-coded credentials. It is possible to launch an attack remotely with high complexity, and the ex...

6.3CVSS5.5AI score0.00017EPSS

Cvelist•added 2026/04/19 7:0 p.m.•29 views

CVE-2026-6576 liangliangyy DjangoBlog WeChat Bot commonapi.py CommandHandler command injection

6.5CVSS0.00421EPSS

CVE•added 2026/04/19 7:0 p.m.•7 views

CVE-2026-6576

CVE-2026-6576 affects liangliangyy DjangoBlog (up to version 2.1.0.0) via the WeChat Bot Interface, specifically the servermanager/api/commonapi.py CommandHandler. The root cause is a vulnerability allowing manipulation of the Source argument to achieve command injection, with remote exploitation...

6.5CVSS5.4AI score0.00421EPSS

ATTACKERKB•added 2026/04/19 7:0 p.m.•2 views

CVE-2026-6576

6.5CVSS5.4AI score0.00421EPSS

Exploits0References4Affected Software1

NVD•added 2026/04/19 10:16 a.m.•2 views

CVE-2026-6568

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated...

7.5CVSS0.00129EPSS

ATTACKERKB•added 2026/04/19 9:45 a.m.•0 views

CVE-2026-6568

7.5CVSS5.4AI score0.00129EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/04/19 12:0 a.m.•2 views

PT-2026-33648

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET KEY results in hard-coded credentials. The attack can be launched remotely. T...

6.3CVSS5.5AI score0.00017EPSS

Positive Technologies•added 2026/04/19 12:0 a.m.•5 views

PT-2026-37213

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow can be triggered remotely in the HTTP Handler component. The issue exists within the sprintf function of the '/auto reboot.asp' endpoint, where manipulation of the enable/time...

10CVSS7.4AI score0.00199EPSS

Exploits1References16

Positive Technologies•added 2026/04/19 12:0 a.m.•1 views

PT-2026-33626

7.5CVSS5.4AI score0.00129EPSS