Lucene search
+L

2488 matches found

euvd
euvd
added 3 days ago6 views

EUVD-2026-43264

A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component runproject. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. T...

5.3CVSS5.9AI score0.00137EPSS
Exploits0References8
osv
osv
added 3 days ago3 views

CVE-2026-15522 tugcantopaloglu godot-mcp run_project index.js validatePath path traversal

A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component runproject. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. T...

4.8CVSS5.8AI score0.00137EPSS
Exploits0References10
euvd
euvd
added 3 days ago10 views

EUVD-2026-43263

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompressR2004section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The explo...

5.3CVSS6.1AI score0.00136EPSS
Exploits0References10
cvelist
cvelist
added 6 days ago34 views

CVE-2026-15321 MyEMS Admin Backend svg.py on_post cross site scripting

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS0.0022EPSS
Exploits0References8
cve
cve
added 6 days ago11 views

CVE-2026-15321

CVE-2026-15321 (MyEMS Admin Backend) affects myems-api/core/svg.py, function on_post, in MyEMS

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
euvd
euvd
added last week8 views

EUVD-2026-42590

A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsubreadidx of the file /src/mediatools/vobsub.c of the component MP4Box. Executing a manipulation of the argument numlangs can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References8
euvd
euvd
added last week10 views

EUVD-2026-42580

A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwgbmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the...

5.3CVSS5.9AI score0.00133EPSS
Exploits0References10
nvd
nvd
added 2026/07/06 3:16 a.m.8 views

CVE-2026-14790

A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...

4.8CVSS0.00115EPSS
Exploits0References7
nvd
nvd
added 2026/07/05 4:19 p.m.9 views

CVE-2026-14760

A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function rcoreseekarchbits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made availabl...

7.8CVSS0.00135EPSS
Exploits1References7
euvd
euvd
added 2026/07/04 4:15 p.m.9 views

EUVD-2026-41680

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MYController.php of the component Subscribed Emails Admin Page. Such manipulation...

5.3CVSS4.1AI score0.00288EPSS
Exploits0References7
cve
cve
added 2026/07/04 2:0 p.m.23 views

CVE-2026-14630

ForceInjection AI-fundermentals 2.0/3.0 contains a vulnerability in the Memory Recall Handler: get_conversation_history (08_agentic_system/memory/langchain/code/smart_customer_service.py). The issue involves use of a weak hash, with remote exploitation possible but described as high complexity. E...

3.1CVSS4.9AI score0.0016EPSS
Exploits0References7
osv
osv
added 2026/07/04 10:15 a.m.4 views

CVE-2026-14624 omec-project amf NGSetupRequest handler.go denial of service

A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is public...

5.3CVSS5.3AI score0.00317EPSS
Exploits0References10
osv
osv
added 2026/06/29 1:30 a.m.4 views

CVE-2026-13523 GPAC ISOBMFF base_encoding.c data amplification

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References10
attackerkb
attackerkb
added 2026/06/09 2:30 a.m.13 views

CVE-2026-11619

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

6.5CVSS5AI score0.00209EPSS
Exploits0References7Affected Software1
nvd
nvd
added 2026/06/08 10:16 a.m.14 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS0.00281EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/06/08 9:0 a.m.7 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.9AI score0.00281EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.20 views

PT-2026-47311

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read resource of the file src/mysql mcp server/server.py of the component mysql URI Handler. This manipulation of the argument uri str causes sql injection. Remote exploitation of t...

6.5CVSS6.3AI score0.00205EPSS
Exploits0References9
redhatcve
redhatcve
added 2026/06/05 7:50 p.m.9 views

CVE-2026-7135

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...

5.3CVSS5.1AI score0.00113EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:50 p.m.16 views

CVE-2026-7397

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function checksensitivepath of the file tools/filetools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for...

4.8CVSS5AI score0.00138EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7237

A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...

7.5CVSS6.8AI score0.00448EPSS
Exploits0References1
Rows per page
Query Builder