CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/17 7:16 a.m.•41 views

CVE-2026-8736

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

4.3CVSS0.00216EPSS

CVE•added 2026/05/17 6:15 a.m.•15 views

CVE-2026-8736

Technical details about CVE-2026-8736 are not publicly available in the provided documents. Monitor for updates.

EUVD•added 2026/05/17 6:15 a.m.•19 views

EUVD-2026-30685

Vulnrichment•added 2026/05/17 6:15 a.m.•9 views

CVE-2026-8736 Oinone Pamirs RestController LocalFileClient.java request.getParameter path traversal

NVD•added 2026/05/17 4:16 a.m.•10 views

CVE-2026-8728

A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogssbidiscoveryoptionparseplmnlist in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument target-plmn-list leads to denial of service. The attack can be executed...

6.5CVSS0.0039EPSS

Exploits1References6

Vulnrichment•added 2026/05/17 3:30 a.m.•8 views

CVE-2026-8729 Open5GS NRF message.c denial of service

A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of the argument service-names/snssais results in denial of service. The attack is possible to be carried out remotely. The exploi...

5.3CVSS5.5AI score0.0039EPSS

Exploits1References6

CNNVD•added 2026/05/17 12:0 a.m.•10 views

WordPress plugin Google Drive 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.7CVSS5.9AI score0.00641EPSS

CNNVD•added 2026/05/17 12:0 a.m.•8 views

Bylancer Zechat SQL注入漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability stems from the v parameter being subject to SQL injecti...

Positive Technologies•added 2026/05/17 12:0 a.m.•10 views

PT-2026-41521

Positive Technologies•added 2026/05/17 12:0 a.m.•14 views

Exploits0References5

PT-2026-41515

5.3CVSS5.5AI score0.0039EPSS

Exploits1References7

CNNVD•added 2026/05/17 12:0 a.m.•8 views

Nordex N149/4.0-4.5 Wind Turbine Web Server SQL注入漏洞

The Nordex N149/4.0-4.5 Wind Turbine Web Server is a web server component developed by the German company Nordex, used for remote monitoring and management of the Nordex N149 wind turbine system. The 4.0 version of the Nordex N149/4.0-4.5 Wind Turbine Web Server has a SQL injection vulnerability...

8.8CVSS6.2AI score0.00343EPSS

Positive Technologies•added 2026/05/17 12:0 a.m.•8 views

PT-2026-41565

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

CNNVD•added 2026/05/17 12:0 a.m.•7 views

Kalcaddle Kodbox 注入漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle. Versions of Kalcaddle Kodbox prior to 1.64 have a injection vulnerability. This vulnerability stems from the improper handling of the parameter fmpegBin in the parseVideoInfo function of t...

6.5CVSS6.6AI score0.01182EPSS

Exploits0References2

Positive Technologies•added 2026/05/17 12:0 a.m.•12 views

PT-2026-41564

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

CNNVD•added 2026/05/17 12:0 a.m.•22 views

Kilo Code 路径遍历漏洞

Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of parameters File in the Bun.file function within the File Diff API Endpoint component...

6.5CVSS5.8AI score0.0058EPSS

Exploits1References1

CNNVD•added 2026/05/17 12:0 a.m.•9 views

Bert-VITS2 路径遍历漏洞

Bert-VITS2 is a core text-to-speech model developed by Fish Audio. Bert-VITS2 has a path traversal vulnerability. This vulnerability stems from the improper handling of the datadir parameter in the generateconfig function of the Gratuit Interface component, resulting in path traversal. Attackers...

7.5CVSS7.1AI score0.00512EPSS

Exploits0References2

CNNVD•added 2026/05/17 12:0 a.m.•8 views

AstrBot 路径遍历漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.23.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of the postfile function in the File Upload Handler component...

6.5CVSS6.5AI score0.00358EPSS

Exploits0References2

CNNVD•added 2026/05/17 12:0 a.m.•11 views

Bylancer Zechat SQL注入漏洞

Positive Technologies•added 2026/05/17 12:0 a.m.•10 views

PT-2026-41560

Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

5.4CVSS5.8AI score0.00145EPSS