21645 matches found
EUVD-2026-43562
Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2026-60103
Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short memberindex value in the SDNA block. The memberindex field is used as an array index into...
CVE-2026-60103
Blender 3.0.0–5.1.2 contains an out-of-bounds read via a crafted .blend SDNA block. The signed short member_index is used as an array index into sdna->members[] in sdna_expand_names() without bounds checking, producing an invalid pointer that is then passed to strlen(), causing a SIGSEGV or un...
CVE-2026-15540
CVE-2026-15540 affects SourceCodester Online Book Store System 1.0. The Administrative Interface file /admin/index.php contains a vulnerability where manipulating the page parameter leads to improper control of the filename used in include/require statements in PHP, i.e., a local file inclusion. ...
CVE-2026-15540 SourceCodester Online Book Store System Administrative index.php php file inclusion
A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...
EUVD-2026-43280
A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...
CVE-2026-15535 AkariAsai self-rag retrieval_lm index.py Indexer.deserialize_from deserialization
A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...
Vite dev server - Cross-Site Scripting
Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...
OfficeWeb365 Indexs Interface - Arbitrary File Read
There is any file reading in the officeWeb365 Indexs interface. id: CVE-2024-37728 info: name: OfficeWeb365 Indexs Interface - Arbitrary File Read author: DhiyaneshDK severity: high description: | There is any file reading in the officeWeb365 Indexs interface. impact: | Unauthenticated attackers...
CVE-2026-15519
A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...
EUVD-2026-43264
A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component runproject. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. T...
EUVD-2026-43262
A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...
CVE-2026-15519
The CVE-2026-15519 entry affects usestrix strix up to 1.0.2, specifically the PyPI Handler’s file system_prompt.jinja. A manipulation can cause inclusion of functionality from an untrusted control sphere. The vulnerability is exploitable remotely with network impact and a high attack complexity; ...
CVE-2026-15519 usestrix PyPI system_prompt.jinja inclusion of functionality from untrusted control sphere
A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...
CVE-2026-59162
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...
CVE-2026-59161
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...
EUVD-2026-42939
ESF-IDF is the Espressif Internet of Things IOT Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpegparsedqtmarker in components/espdriverjpeg/jpegparsemarker.c because the attacker-controlled DQT marker Tq nibble is used as an inde...
CVE-2026-59162
The CVE concerns the Go-based Excelize library (v2.x) where, prior to 2.11.0, shared-string cell values could be indexed with -1, causing a panic in GetCellValue and GetRows. The issue stems from parsing shared-strings with strconv.Atoi and only an upper bound check before indexing the sharedStri...
ROOT-APP-PYPI-CVE-2026-28684 CVE-2026-28684 in rootio-python-dotenv - Patched by Root
Root has patched CVE-2026-28684 in the rootio-python-dotenv package for Root:PyPI. Multiple fixed versions available...