21654 matches found
ROOT-APP-PYPI-CVE-2026-34993 CVE-2026-34993 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-34993 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-47265 CVE-2026-47265 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-47265 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-54280 CVE-2026-54280 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-54280 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-49082 CVE-2023-49082 in rootio-aiohttp - Patched by Root
Root has patched CVE-2023-49082 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-34518 CVE-2026-34518 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-34518 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-50782 CVE-2023-50782 in rootio-cryptography - Patched by Root
Root has patched CVE-2023-50782 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-4565 CVE-2025-4565 in rootio-protobuf - Patched by Root
Root has patched CVE-2025-4565 in the rootio-protobuf package for Root:PyPI. Multiple fixed versions available...
OfficeWeb365 Indexs Interface - Arbitrary File Read
There is any file reading in the officeWeb365 Indexs interface. id: CVE-2024-37728 info: name: OfficeWeb365 Indexs Interface - Arbitrary File Read author: DhiyaneshDK severity: high description: | There is any file reading in the officeWeb365 Indexs interface. impact: | Unauthenticated attackers...
Vite dev server - Cross-Site Scripting
Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...
EUVD-2026-43562
Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2026-15685 Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability
Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2026-15685
CVE-2026-15685 affects Ollama, with the vulnerability located in the downloadBlob function where user-supplied data is not properly validated, allowing an out-of-bounds memory access and resulting in a denial-of-service condition. The issue, linked to ZDI-CAN-27277, can be triggered remotely with...
CVE-2026-60103
Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short memberindex value in the SDNA block. The memberindex field is used as an array index into...
CVE-2026-60103
Blender 3.0.0–5.1.2 contains an out-of-bounds read via a crafted .blend SDNA block. The signed short member_index is used as an array index into sdna->members[] in sdna_expand_names() without bounds checking, producing an invalid pointer that is then passed to strlen(), causing a SIGSEGV or un...
CVE-2026-15540 SourceCodester Online Book Store System Administrative index.php php file inclusion
A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...
CVE-2026-15540
CVE-2026-15540 affects SourceCodester Online Book Store System 1.0. The Administrative Interface file /admin/index.php contains a vulnerability where manipulating the page parameter leads to improper control of the filename used in include/require statements in PHP, i.e., a local file inclusion. ...
CVE-2026-15535 AkariAsai self-rag retrieval_lm index.py Indexer.deserialize_from deserialization
A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...
EUVD-2026-43280
A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...
CVE-2026-15519
A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...