Lucene search
K

4886 matches found

CVE
CVE
added 20 hours ago6 views

CVE-2026-15621

mosaxiv clawlet up to version 0.2.10 contains a vulnerability in the File Tools component, specifically in the read_file, write_file, and edit_file functionality implemented in tools/fs_ops.go. The issue arises from a manipulation that leads to link following, with exploitation requiring local ac...

5.3CVSS5.9AI score
Exploits0References6
Cvelist
Cvelist
added 20 hours ago8 views

CVE-2026-15621 mosaxiv clawlet File Tools fs_ops.go edit_file link following

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS
Exploits0References6
NVD
NVD
added yesterday7 views

CVE-2026-15528

A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicadmcp/utils/pathvalidator.py. Performing a manipulation of the argument projectpath/schematicpath results in protection mechanism failure. Attacking locally is a requirement...

4.8CVSS0.00113EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday8 views

CVE-2026-15531

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS5.6AI score0.00121EPSS
Exploits0References7
Cvelist
Cvelist
added yesterday31 views

CVE-2026-15531 yashbhalgat HashNeRF-pytorch Checkpoint File run_nerf.py torch.load deserialization

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS0.00121EPSS
Exploits0References7
EUVD
EUVD
added yesterday5 views

EUVD-2026-43273

A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicadmcp/utils/pathvalidator.py. Performing a manipulation of the argument projectpath/schematicpath results in protection mechanism failure. Attacking locally is a requirement...

4.8CVSS5.8AI score0.00113EPSS
Exploits0References6
CVE
CVE
added yesterday10 views

CVE-2026-15528

CVE-2026-15528 affects lamaalrajih/kicad-mcp up to 3.3.1. The vulnerability is in kicad_mcp/utils/path_validator.py where manipulating the arguments project_path or schematic_path causes a protection mechanism failure. Local exploitation is required, and the exploit has been made public. The proj...

4.8CVSS5.8AI score0.00113EPSS
Exploits0References6
CVE
CVE
added yesterday10 views

CVE-2026-15526

A vulnerability in augmnt augments-mcp-server 7.1.0 affects the function scanProjectDeps (src/tools/v4/scan-project-deps.ts) of the scan_project_deps component. The issue arises from manipulating the argument packageJsonPath, enabling path traversal. The attack is local, and a proof-of-concept/ex...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday37 views

CVE-2026-15522 tugcantopaloglu godot-mcp run_project index.js validatePath path traversal

A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component runproject. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. T...

5.3CVSS0.00137EPSS
Exploits0References8
CVE
CVE
added yesterday11 views

CVE-2026-15521

The CVE applies to makafeli n8n-workflow-builder up to 0.11.0. Vulnerable is an unknown function in build/server.cjs (update_node_from_file); manipulating the filePath argument enables path traversal. Local attack required; exploit publicly available. Project was informed via issue report but has...

5.3CVSS5.7AI score0.00137EPSS
Exploits0References6
NVD
NVD
added 2 days ago7 views

CVE-2026-15506

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been...

8.5CVSS0.00184EPSS
Exploits0References7
NVD
NVD
added 2 days ago8 views

CVE-2026-15475

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS0.00105EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-15475 MiniTool Partition Wizard Signed Kernel Driver pwdrvio.sys access control

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS0.00105EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-57573

Name of the Vulnerable Software and Affected Versions SecureAge CatchPulse versions prior to 10.9.4 Description A heap-based buffer overflow exists in the kernel driver component saappctl.sys. A local attacker with low privileges can corrupt kernel memory via IOCTL Input/Output Control calls, whi...

8.5CVSS7AI score0.00184EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-21055

Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege...

8.5CVSS0.00121EPSS
Exploits1References1
CVE
CVE
added 5 days ago9 views

CVE-2026-15276

Symphonia (pdeljanov) up to version 0.6.0 exposes a denial-of-service vulnerability in the Metadata Handler. The issue affects unknown code paths; exploitation requires local access and a publicly published exploit exists. A fix is in a pull request but has not yet been accepted. The advisory not...

4.8CVSS5.3AI score0.0012EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

Linux Distros Unpatched Vulnerability : CVE-2025-15667

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gfisomnalusamplerewrite of the file src/isomedia/avcext.c of the...

4.8CVSS5.8AI score0.00112EPSS
Exploits0References2
Mageia
Mageia
added 6 days ago4 views

Updated vips packages fix security vulnerabilities

This update fixes several security issues: A flaw has been found in libvips up to 8.18.0. The affected element is the function vipsforeignloadmatrixfileisa/vipsforeignloadmatrixheader of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack need...

7.8CVSS5.6AI score0.00209EPSS
Exploits3References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-15035 bentoml OpenLLM Model Repository Directory Name common.py async_run_command command injection

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function asyncruncommand of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement...

5.3CVSS0.01338EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/07/06 11:15 a.m.6 views

CVE-2025-15667

A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gfisomnalusamplerewrite of the file src/isomedia/avcext.c of the component MP4Box. This manipulation of the argument naluoutbs causes double free. It is possible to launch the attack on the local host. T...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References8
Rows per page
Query Builder