88703 matches found
PT-2026-33691
A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create upload file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...
PT-2026-33728
A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initia...
PT-2026-33720
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete agent/stop schedule/get schedule data of the file superagi/controllers/agent.py. The manipulation of the argument agent id leads to authorization bypass. The attack is possible to be carrie...
PT-2026-33781
A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been...
PT-2026-33725
Name of the Vulnerable Software and Affected Versions EasyFlow .NET affected versions not specified Description EasyFlow .NET developed by Digiwin contains a SQL Injection flaw. This allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database...
ROS-20260420-73-0026
Vulnerability in python-aiohttp related to a flaw in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...
ROS-20260420-73-0040
Vulnerability in beats related to uncontrolled memory allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260420-73-0027
Vulnerability in python-aiohttp related to a flaw in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...
ROS-20260420-73-0023
Vulnerability in python-aiohttp related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
PT-2026-33757
A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool call of the file apps/experimental/tools webhook/app.py of the component tools webhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication. The attack may be...
CVE-2026-6579 liangliangyy DjangoBlog Clean Endpoint views.py missing authentication
A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the...
EUVD-2026-23707
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...
CVE-2026-6578
Summary: CVE-2026-6578 affects the DjangoBlog app by liangliangyy up to version 2.1.0.0. The issue is located in djangoblog/settings.py (Setting Handler) where manipulating the SECRET_KEY leads to hard-coded credentials. It is possible to launch an attack remotely with high complexity, and the ex...
CVE-2026-6570 kodcloud KodExplorer systemMember.class.php initInstall authorization
A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has be...
CVE-2026-6570 kodcloud KodExplorer systemMember.class.php initInstall authorization
A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has be...
CVE-2026-6569 kodcloud KodExplorer fileGet Endpoint share.class.php improper authentication
A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The...
CVE-2026-6564
A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...
EUVD-2026-23690
A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2026-6562
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be use...
CVE-2026-6563 H3C Magic B1 aspForm SetAPWifiorLedInfoById buffer overflow
A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to...