Lucene search
K

2477 matches found

Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-15321 MyEMS Admin Backend svg.py on_post cross site scripting

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS0.0022EPSS
Exploits0References8
CVE
CVE
added 2 days ago10 views

CVE-2026-15321

CVE-2026-15321 (MyEMS Admin Backend) affects myems-api/core/svg.py, function on_post, in MyEMS

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42590

A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsubreadidx of the file /src/mediatools/vobsub.c of the component MP4Box. Executing a manipulation of the argument numlangs can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago10 views

EUVD-2026-42580

A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwgbmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the...

5.3CVSS5.9AI score0.00133EPSS
Exploits0References10
NVD
NVD
added 6 days ago8 views

CVE-2026-14790

A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...

4.8CVSS0.00115EPSS
Exploits0References7
NVD
NVD
added 2026/07/05 4:19 p.m.9 views

CVE-2026-14760

A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function rcoreseekarchbits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made availabl...

7.8CVSS0.00135EPSS
Exploits1References7
EUVD
EUVD
added 2026/07/04 4:15 p.m.7 views

EUVD-2026-41680

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MYController.php of the component Subscribed Emails Admin Page. Such manipulation...

5.3CVSS4.1AI score0.00288EPSS
Exploits0References7
CVE
CVE
added 2026/07/04 2:0 p.m.22 views

CVE-2026-14630

ForceInjection AI-fundermentals 2.0/3.0 contains a vulnerability in the Memory Recall Handler: get_conversation_history (08_agentic_system/memory/langchain/code/smart_customer_service.py). The issue involves use of a weak hash, with remote exploitation possible but described as high complexity. E...

3.1CVSS4.9AI score0.0016EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/09 2:30 a.m.13 views

CVE-2026-11619

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

6.5CVSS5AI score0.00209EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/06/08 10:16 a.m.14 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS0.00281EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/08 9:0 a.m.7 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.9AI score0.00281EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47311

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read resource of the file src/mysql mcp server/server.py of the component mysql URI Handler. This manipulation of the argument uri str causes sql injection. Remote exploitation of t...

6.5CVSS6.3AI score0.00205EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-7135

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...

5.3CVSS5.1AI score0.00113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.15 views

CVE-2026-7397

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function checksensitivepath of the file tools/filetools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for...

4.8CVSS5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7237

A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...

7.5CVSS6.8AI score0.00448EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 2:16 p.m.13 views

CVE-2026-11330

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack c...

3.6CVSS0.00075EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/04 3:0 p.m.10 views

CVE-2026-10814

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

4.5CVSS4.8AI score0.00089EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/06/04 9:45 a.m.12 views

EUVD-2026-34239

A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hashfeatures of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high...

3.6CVSS5.2AI score0.00075EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.13 views

SUSE CVE-2026-10650

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

6.9CVSS5.7AI score0.00429EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 11:45 p.m.7 views

CVE-2026-10692

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

5.3CVSS5.4AI score0.0031EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder