3 matches found
CVE-2026-9372
ItzCrazyKns Vane (up to 1.12.1) contains a server-side request forgery in src/app/api/providers/route.ts via baseURL argument manipulation. Remote exploitation is possible and the exploit has been published. The project was informed early via an issue report but has not responded. No remediation ...
CVE-2026-3954
OpenBMB XAgent 1.0.0 is affected by CVE-2026-3954 due to a path traversal in the XAgentServer/application/routers/workspace.py workspace function where manipulating the file_name argument enables traversal. The vulnerability can be triggered remotely and a public exploit is available. Project was...
CVE-2026-3383
A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::BoxedNumber::go of the file include/chaiscript/dispatchkit/boxednumber.hpp. Executing a manipulation can lead to divide by zero. The attack requires local access. The exploit has been made available to...