Lucene search
K

335 matches found

EUVD
EUVD
added 2026/07/01 1:49 p.m.6 views

EUVD-2026-40997

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/30 3:53 p.m.9 views

CVE-2026-58170 Vibe-Trading < 0.1.10 - Path Traversal in Proposal Identifier Allows Forging Live Trading Mandates

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS5.8AI score0.00416EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2025-71332

Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...

8.8CVSS6AI score0.00283EPSS
Exploits1References3
CVE
CVE
added 2026/06/23 3:55 p.m.36 views

CVE-2026-44792

CVE-2026-44792 describes a SQL injection risk in n8n caused by importing a crafted Data Table JSON file during a Source Control Pull. Attack requires: PostgreSQL backend, Source Control feature enabled and connected to a writable repository, and an administrator triggering a Pull. The vulnerabili...

9CVSS5.9AI score0.00331EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:16 a.m.15 views

Malicious code in 0x2ai-multi-q (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e305b12731a6b73c8982935753b52febfa90626f5a75f6942ca154aa708594b6 Running npx 0x2ai-multi-q the package's documented invocation spawns claude --dangerously-skip-permissions and writes a .mcp.json into the user's...

6.4AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.14 views

CVE-2026-49955

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS5.5AI score0.00586EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/01 9:31 a.m.132 views

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting ove...

5.9AI score
Exploits0
NVD
NVD
added 2026/05/29 2:16 p.m.12 views

CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

WWBN AVideo 授权问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an authorization vulnerability. This vulnerability stemmed from the absence of user login checks and administrator gatekeeping in the objects/mention.json.php file...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.9 views

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.11 views

CVE-2026-6394

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.60 views

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS0.00316EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.11 views

PT-2026-41719

Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description A path traversal issue exists in the '/v1/summarize' daemon endpoint. Authenticated users can write files to arbitrary directories by providing an absolute path or directory traversal sequence in...

7.1CVSS5.9AI score0.00396EPSS
Exploits1References7
Snyk
Snyk
added 2026/05/15 6:34 p.m.10 views

Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the set.json.php process. An attacker can disable a user's two-factor authentication by tricking a logged-in user into...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/12 10:22 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the browser field in package.json during the build process. An attacker can access arbitrary files on the server filesystem by publishing a specially crafted npm package that remaps module paths to locations...

8.7CVSS6.5AI score0.00321EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 6:0 p.m.16 views

CVE-2026-45222

CVE-2026-45222 affects Summarize up to version 0.14.1. The issue arises from daemon configuration directory/file permissions that may be world-readable on Unix-like systems, enabling a local attacker to read the daemon bearer token and stored provider credentials from ~/.summarize/daemon.json. Th...

6.9CVSS5.8AI score0.00098EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/16 10:54 p.m.24 views

CVE-2026-40318 SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal...

8.5CVSS0.00287EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/10 7:32 p.m.10 views

SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

Summary The endpoint /api/av/removeUnusedAttributeView is vulnerable to a path traversal CWE-22 that allows an attacker to delete arbitrary .json files on the server. The issue arises because user-controlled input id is directly used in filesystem path construction without validation or...

8.5CVSS6AI score0.00287EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/10 6:16 p.m.14 views

CVE-2026-40163

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offlinechanges endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content...

8.2CVSS0.00333EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2026/04/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-8497

In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps...

5.3CVSS5.8AI score0.05275EPSS
In wildExploits1References2
Rows per page
Query Builder