40931 matches found
PT-2026-41542
Name of the Vulnerable Software and Affected Versions h2oai h2o-3 versions prior to 7402 Description A weakness in the Rapids setproperty Primitive Handler allows remote attackers to bypass access controls. The issue resides in the exec function within the file...
PT-2026-41566
Name of the Vulnerable Software and Affected Versions fishaudio Bert-VITS2 versions prior to 8f7fbd8c4770965225d258db548da27dc8dd934c Description A path traversal flaw exists in the Model Handler component, specifically within the get all models function of the hiyoriUI.py file. This issue allows...
PT-2026-41538
A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...
PT-2026-41585
Name of the Vulnerable Software and Affected Versions Kilo-Org kilocode versions prior to 7.0.48 Description A path traversal issue exists in the File Diff API Endpoint within the Bun.file function of the packages/opencode/src/kilocode/review/worktree-diff.ts file. A remote attacker can trigger...
PublicCMS 安全漏洞
PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. Version Sanluan PublicCMS 5.202506.d contains a security vulnerability. This vulnerability stems from the improper handling of the templateContent parameter in the execute...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogstimeradd function in the nausf-handler.c file within the...
H2O 安全漏洞
H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O such as h2o-3 7402 and earlier contain security vulnerabilities. These vulnerabilities stem from improper access control in the exec function of the AstSetProperty.java file withi...
AstrBot 路径遍历漏洞
AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.23.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of the postfile function in the File Upload Handler component...
Vercel AI SDK 资源管理错误漏洞
Vercel AI SDK is a JavaScript SDK provided by Vercel that supports the integration of large language models, streaming responses, and AI application development. Vercel AI SDK versions 3.0.97 and earlier contain a resource management vulnerability. This vulnerability stems from the functions...
PT-2026-41516
A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs sbi nf instance set id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfInstanceId can lead to denial of service. The attack may be performed from remote. The exploit has...
PT-2026-41519
A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly...
PT-2026-41536
A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs sbi subscription data add/ogs sbi nf service add in the library /lib/sbi/context.c of the component NRF. Executing a manipulation can lead to denial of service. It is possible to launch the attack remotely. The...
PT-2026-41569
Name of the Vulnerable Software and Affected Versions MetaCRM versions prior to 6.4.0 Beta06 Description An unrestricted file upload issue exists in the '/common/jsp/upload3.jsp' file. A remote attacker can exploit this by manipulating the File argument, allowing the upload of unauthorized files...
PT-2026-41568
Name of the Vulnerable Software and Affected Versions adenhq hive versions prior to 0.11.0 Description A path traversal issue exists in the Delete Request Handler component. A remote attacker can perform a manipulation affecting the read events tail function within the core/framework/server/route...
PT-2026-41567
Name of the Vulnerable Software and Affected Versions fishaudio Bert-VITS2 versions up to 8f7fbd8c4770965225d258db548da27dc8dd934c Description A path traversal issue exists in the Gradio Interface component. A remote attacker can manipulate the data dir argument within the generate config functio...
PT-2026-41590
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...
PT-2026-41514
A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs sbi discovery option parse plmn list in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument target-plmn-list leads to denial of service. The attack can be...
Metasoft MetaCRM 访问控制错误漏洞
Metasoft MetaCRM is a customer relationship management system software developed by Metasoft, a Chinese company. Versions of Metasoft MetaCRM 6.4.0 Beta06 and earlier contained a access control error vulnerability. This vulnerability stemmed from an improper handling of the File parameter by an...
PT-2026-41544
Name of the Vulnerable Software and Affected Versions AstrBotDevs AstrBot versions prior to 4.23.6 Description A path traversal issue exists in the File Upload Handler component within the post file function of the astrbot/dashboard/routes/chat.py file. This occurs when the filename argument is...
PT-2026-41522
A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argume...