Lucene search
K

41223 matches found

CVE
CVE
added 2026/05/17 12:15 p.m.18 views

CVE-2026-8754

CVE-2026-8754 affects AstrBotDevs AstrBot up to version 4.23.5. The vulnerability is in the File Upload Handler, specifically the function post_file in astrbot/dashboard/routes/chat.py , where filename manipulation enables a path traversal. Remote exploitation is possible, with the exploit descri...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/17 12:15 p.m.41 views

CVE-2026-8754 AstrBotDevs AstrBot File Upload chat.py post_file path traversal

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS0.00358EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/17 12:15 p.m.6 views

CVE-2026-8754 AstrBotDevs AstrBot File Upload chat.py post_file path traversal

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:15 p.m.8 views

CVE-2026-8754

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/05/17 12:15 p.m.24 views

EUVD-2026-30700

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/17 12:0 p.m.42 views

CVE-2026-8753 kalcaddle Kodbox fileThumb Plugin VideoResize.class.php parseVideoInfo command injection

A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command...

6.5CVSS0.01182EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 11:45 a.m.41 views

CVE-2026-8752 h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control

A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access...

6.9CVSS0.0031EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 11:45 a.m.12 views

EUVD-2026-30699

A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access...

6.9CVSS5.7AI score0.0031EPSS
Exploits0References4
NVD
NVD
added 2026/05/17 11:16 a.m.18 views

CVE-2026-8746

A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discoverhandler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...

6.5CVSS0.00367EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/17 10:45 a.m.54 views

CVE-2026-8750 h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

6.9CVSS0.00497EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 10:45 a.m.21 views

EUVD-2026-30694

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

6.9CVSS5.8AI score0.00497EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 10:30 a.m.15 views

EUVD-2026-30696

A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zbsystem/function/csystemevent.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been made...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 10:30 a.m.24 views

CVE-2026-8747

CVE-2026-8747 affects Z-BlogPHP 1.7.4.3430, specifically the CheckComment function in zb_system/function/c_system_event.php within the Commend Approval Handler. The issue arises from a manipulation that yields improper authorization. The vulnerability can be triggered remotely, and public Exploit...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 10:30 a.m.9 views

CVE-2026-8747

A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zbsystem/function/csystemevent.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been made...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References4
NVD
NVD
added 2026/05/17 10:16 a.m.18 views

CVE-2026-8743

A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ranuefindbyamfuengapid of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been made public...

6.5CVSS0.00224EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/05/17 10:15 a.m.8 views

CVE-2026-8746 Open5GS NRF nghttp2-server.c discover_handler use after free

A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discoverhandler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...

5.3CVSS5.4AI score0.00367EPSS
Exploits1References5
CVE
CVE
added 2026/05/17 10:15 a.m.17 views

CVE-2026-8746

Open5GS up to 2.7.7 contains a use-after-free in NRF’s discover_handler function ( /lib/sbi/nghttp2-server.c ). The vulnerability can be triggered remotely; public exploit exists according to the description. Affected component: NRF within Open5GS. Exploit maturity is noted as PROOF-OF-CONCEPT in...

6.5CVSS5.4AI score0.00367EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/05/17 10:15 a.m.46 views

CVE-2026-8746 Open5GS NRF nghttp2-server.c discover_handler use after free

A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discoverhandler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...

5.3CVSS0.00367EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/17 10:15 a.m.12 views

EUVD-2026-30695

A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discoverhandler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...

5.3CVSS5.4AI score0.00367EPSS
Exploits1References5
CVE
CVE
added 2026/05/17 9:45 a.m.20 views

CVE-2026-8745

Technical details are not publicly available in the provided documents; no information on affected versions, root cause, or remediation beyond the description. Monitor for updates.

6.5CVSS5.5AI score0.00372EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder