Lucene search
K

534 matches found

Cvelist
Cvelist
added 2026/04/15 12:0 a.m.22 views

CVE-2026-30616

Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation result...

0.00344EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/25 9:14 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DownloadFile and DownloadFileWithHeaders functions. An attacker can cause the server to make arbitrary HTTP requests to internal network resources by supplying crafted URLs during the migration...

6.4CVSS6.5AI score0.00272EPSS
Exploits1References2
NVD
NVD
added 2026/02/20 5:25 p.m.6 views

CVE-2026-26102

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...

8.5CVSS0.00106EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 5:25 p.m.13 views

CVE-2026-26095

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...

8.5CVSS0.00096EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 5:25 p.m.4 views

CVE-2026-26101

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...

7.8CVSS5.8AI score0.00106EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 4:56 p.m.4 views

CVE-2026-26102 Incorrect Permission Assignment for Critical Resource in Owl opds

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...

8.5CVSS5.4AI score0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 4:55 p.m.24 views

CVE-2026-26100

CVE-2026-26100 concerns Owl opds, version 2.2.0.4, where incorrect permission assignment of a critical resource enables file manipulation via a crafted network request. The CVE entry documents a MEDIUM-severity issue with CVSS 4.0, scoped as local access, low attack complexity, and no user intera...

6.8CVSS5.4AI score0.00089EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/02/20 4:54 p.m.23 views

CVE-2026-26098

The CVE-2026-26098 entry concerns Owl opds version 2.2.0.4 and is caused by an Uncontrolled Search Path Element. The issue permits manipulation of configuration file search paths via a crafted network request, indicating local attack vector with high impact on confidentiality and integrity, and h...

8.4CVSS5.4AI score0.00109EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 4:52 p.m.4 views

CVE-2026-26096 Incorrect Permission Assignment for Critical Resource in Owl opds

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...

8.5CVSS5.4AI score0.00096EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 4:51 p.m.4 views

CVE-2026-26095

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...

8.5CVSS5.4AI score0.00096EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/20 4:48 p.m.4 views

CVE-2026-2333 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

9.2CVSS5.4AI score0.01025EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 4:48 p.m.14 views

CVE-2026-2333

The CVE is for Owl opds 2.2.0.4, where the vulnerability arises from Improper Neutralization of Special Elements used in a Command (Command Injection). The affected component is Owl opds 2.2.0.4, and the issue is exploitable via a crafted network request. Metrics indicate a CRITICAL base score of...

9.8CVSS5.5AI score0.01025EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/20 4:48 p.m.26 views

CVE-2026-2333 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

9.2CVSS0.01025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

Owl Cyber Defense OPDS 命令注入漏洞

Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a command injection vulnerability, which stems from improper neutralization of special elements. This vulnerability may allow command injection attac...

9.8CVSS5.8AI score0.01025EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.14 views

PT-2026-21267

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...

6.8CVSS5.4AI score0.00089EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

SAP BusinessObjects BI Platform 安全漏洞

SAP BusinessObjects BI Platform is a centralized suite provided by German company SAP for data reporting, visualization, and sharing. There is a security vulnerability in the SAP BusinessObjects BI Platform, which can exploit a specially crafted network request to compromise authentication...

7.5CVSS5.8AI score0.00355EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/05 6:35 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the HttpUriPlugin component when HTTP redirects are followed without re-validating the allowed URIs. An attacker can cause unauthorized network requests to internal services and inclusion of untruste...

3.7CVSS5.4AI score0.002EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/01/29 4:39 p.m.11 views

USN-7985-1: TeX Live vulnerabilities

Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly handled memory when decoding certain data streams. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 L...

8.1CVSS7.3AI score0.00902EPSS
Exploits1
OSV
OSV
added 2026/01/29 4:39 p.m.7 views

USN-7985-1 texlive-bin vulnerabilities

Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly handled memory when decoding certain data streams. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 L...

8.1CVSS6.1AI score0.00902EPSS
Exploits1References5
Snyk
Snyk
added 2026/01/20 10:47 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Thread Pooling component. An attacker can cause the application to hang or crash repeatedly by sending specially crafted requests over the network with high privileges...

6.9CVSS5.5AI score0.00337EPSS
Exploits0References2
Rows per page
Query Builder