7526 matches found

Cvelist, added 2026/04/07 2:45 p.m., 16 views

CVE-2026-35483 text-generation-webui has a Path Traversal in load_template() — .jinja/.yaml/.yml file read without authentication

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template() allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files the...

5.3 CVSS, 0.00095 EPSS
Exploits: 1, References: 1

NVD, added 2026/04/07 2:16 p.m., 2 views

CVE-2026-5627

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...

9.1 CVSS, 0.00063 EPSS
Exploits: 1, References: 2

CVE, added 2026/04/07 1:49 p.m., 28 views

CVE-2026-21413

LibRaw contains a heap-based buffer overflow in the lossless_jpeg_load_raw function for commits 0b56545 and d20315b. A specially crafted malicious file can trigger the overflow, leading to a potentially severe impact as reflected by CVSSv3.1: Base score 9.8 (CRITICAL), with network attack vector,...

9.8 CVSS, 6.3 AI score, 0.00078 EPSS
Exploits: 1, References: 2, Affected Software: 1

ATTACKERKB, added 2026/04/07 1:49 p.m., 3 views

CVE-2026-21413

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8 CVSS, 6.3 AI score, 0.00078 EPSS
Exploits: 1, References: 2

Cvelist, added 2026/04/07 1:49 p.m., 16 views

CVE-2026-21413

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8 CVSS, 0.00078 EPSS
Exploits: 1, References: 1

ATTACKERKB, added 2026/04/07 1:49 p.m., 2 views

CVE-2026-24660

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

8.1 CVSS, 6.3 AI score, 0.00078 EPSS
Exploits: 1, References: 2

CVE, added 2026/04/07 1:49 p.m., 20 views

CVE-2026-24660

LibRaw vulnerability CVE-2026-24660: a heap-based buffer overflow in x3f_load_huffman (commit d20315b). A crafted file can trigger heap corruption with network access, no privileges, and no user interaction. CVSS 3.1 base score 8.1 (HIGH). Impact to confidentiality, integrity, and availability is...

9.8 CVSS, 6.3 AI score, 0.00078 EPSS
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment, added 2026/04/07 1:49 p.m., 1 views

CVE-2026-24660

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

8.1 CVSS, 6.3 AI score, 0.00078 EPSS
Exploits: 1, References: 1

Debian CVE, added 2026/04/07 1:49 p.m., 1 views

CVE-2026-24660

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8 CVSS, 6 AI score, 0.00078 EPSS
Exploits: 1

Cvelist, added 2026/04/07 1:49 p.m., 16 views

CVE-2026-24660

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

8.1 CVSS, 0.00078 EPSS
Exploits: 1, References: 1

CVE, added 2026/04/07 1:49 p.m., 8 views

CVE-2026-20884

CVE-2026-20884 affects LibRaw’s deflate_dng_load_raw, where an integer overflow can lead to a heap buffer overflow when processing a crafted file. The vulnerability, tied to Commit 8dc68e2, can be triggered by supplying a malicious file, with the CVSS 3.1 base score of 8.1 (HIGH) and impact to co...

9.8 CVSS, 6.2 AI score, 0.00078 EPSS
Exploits: 1, References: 2, Affected Software: 1

ATTACKERKB, added 2026/04/07 1:49 p.m., 4 views

CVE-2026-20884

An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

8.1 CVSS, 6.2 AI score, 0.00078 EPSS
Exploits: 1, References: 2

Debian CVE, added 2026/04/07 1:49 p.m., 1 views

CVE-2026-20884

An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8 CVSS, 5.9 AI score, 0.00078 EPSS
Exploits: 1

Cvelist, added 2026/04/07 1:6 p.m., 17 views

CVE-2026-5627 Path Traversal in mintplex-labs/anything-llm

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...

9.1 CVSS, 0.00063 EPSS
Exploits: 1, References: 2

Vulnrichment, added 2026/04/07 1:6 p.m., 1 views

CVE-2026-5627 Path Traversal in mintplex-labs/anything-llm

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...

9.1 CVSS, 7.3 AI score, 0.00063 EPSS
Exploits: 1, References: 2

CVE, added 2026/04/07 1:6 p.m., 5 views

CVE-2026-5627

The CVE-2026-5627 issue affects mintplex-labs/anything-llm up to version 1.9.1, specifically in the AgentFlows component. The vulnerability stems from improper handling of user input in loadFlow and deleteFlow (server/utils/agentFlows/index.js), where path.join combined with normalizePath can byp...

9.1 CVSS, 7.3 AI score, 0.00063 EPSS
Exploits: 1, References: 2, Affected Software: 1

OSV, added 2026/04/07 9:16 a.m., 2 views

DEBIAN-CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8 CVSS, 8.7 AI score, 0.83461 EPSS
Exploits: 11, References: 1

Vulnrichment, added 2026/04/07 7:50 a.m., 2 views

CVE-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

7.8 AI score, 0.83461 EPSS
Exploits: 11, References: 1

EUVD, added 2026/04/07 6:30 a.m., 1 views

EUVD-2026-19573

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The _load_rng_state method in src/transformers/trainer.py at line 3059 calls torch.load without the weights_only=True parameter. This issue affects all versions of the...

6.5 CVSS, 7 AI score, 0.00023 EPSS
Exploits: 1, References: 3

ATTACKERKB, added 2026/04/07 5:22 a.m., 2 views

CVE-2026-1839

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The _load_rng_state method in src/transformers/trainer.py at line 3059 calls torch.load without the weights_only=True parameter. This issue affects all versions of the...

6.5 CVSS, 7 AI score, 0.00023 EPSS
Exploits: 1, References: 3