Lucene search
K

41215 matches found

CVE
CVE
added 2026/03/28 4:0 p.m.11 views

CVE-2026-5001

A vulnerability (CVE-2026-5001) affects PromtEngineer localGPT. The flaw resides in the function do_POST of the file backend/server.py , enabling unrestricted remote file upload . Exploit has been published and may be used (exploit maturity: proof-of-concept). The product uses a rolling release; ...

7.5CVSS6.6AI score0.00294EPSS
Exploits0References4
NVD
NVD
added 2026/03/28 3:16 p.m.4 views

CVE-2026-5000

A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpoint. The manipulation of the argument BaseHTTPRequestHandler results in missing authentication. T...

7.5CVSS0.00391EPSS
Exploits0References4
CVE
CVE
added 2026/03/28 3:0 p.m.7 views

CVE-2026-4999

The CVE-2026-4999 entry concerns z-9527 admin. A vulnerability is located in the uploadFile function in /server/utils/upload.js within the isImg Check component. Manipulating the fileType argument can trigger a path traversal, enabling remote exploitation. Publicly disclosed exploit details exist...

6.5CVSS6.1AI score0.00346EPSS
Exploits0References4
NVD
NVD
added 2026/03/28 1:16 p.m.8 views

CVE-2026-4997

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9CVSS0.0055EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/28 1:15 p.m.34 views

CVE-2026-4998 Sinaptik AI PandasAI Chat Message code_executor.py CodeExecutor.execute code injection

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS0.00532EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/28 1:15 p.m.2 views

CVE-2026-4998

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS5.6AI score0.00532EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/28 1:15 p.m.10 views

CVE-2026-4998

CVE-2026-4998 affects Sinaptik AI PandasAI up to 3.0.0, specifically the CodeExecutor.execute function in pandasai/core/code_execution/code_executor.py within the Chat Message Handler. The description states that executing a manipulation can lead to code injection, with remote exploitation possib...

7.5CVSS6.8AI score0.00532EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/28 12:30 p.m.2 views

EUVD-2026-16921

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5CVSS5.7AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/28 12:30 p.m.6 views

EUVD-2026-16917

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

5.1CVSS4.3AI score0.00191EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/28 12:23 p.m.3 views

CVE-2026-4997 Sinaptik AI PandasAI sql_sanitizer.py is_sql_query_safe path traversal

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9CVSS5.5AI score0.0055EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/28 12:23 p.m.3 views

CVE-2026-4997

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9CVSS5.5AI score0.0055EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/28 12:23 p.m.12 views

CVE-2026-4997

CVE-2026-4997 affects Sinaptik AI PandasAI up to version 3.0.0. The issue resides in is_sql_query_safe within pandasai/helpers/sql_sanitizer.py, where input manipulation enables path traversal. Exploitation is remote and the exploit has been released publicly. The vendor was contacted early but d...

6.9CVSS5.7AI score0.0055EPSS
Exploits0References4
NVD
NVD
added 2026/03/28 12:16 p.m.2 views

CVE-2026-4996

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5CVSS0.00259EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/28 10:45 a.m.1 views

CVE-2026-4995 wandb OpenUI Window Message Event index.html cross site scripting

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

5.1CVSS4.3AI score0.00191EPSS
Exploits0References4
CVE
CVE
added 2026/03/28 10:45 a.m.6 views

CVE-2026-4995

wandb OpenUI up to version 1.0 is affected. The vulnerability targets the Window Message Event Handler in frontend/public/annotator/index.html, enabling cross-site scripting. Exploitation can be performed remotely, and the exploit has been publicly disclosed. The vendor was contacted early but di...

5.1CVSS4.3AI score0.00191EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/28 10:45 a.m.2 views

CVE-2026-4995

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

5.1CVSS4.3AI score0.00191EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-4908

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

7.5CVSS6.8AI score0.00393EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-4904

A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit...

9CVSS7.9AI score0.00746EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/28 12:31 a.m.4 views

EUVD-2026-16894

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgifaddframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier ...

5.3CVSS5.8AI score0.00492EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/28 12:31 a.m.2 views

EUVD-2026-16898

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

5.3CVSS5.5AI score0.00337EPSS
Exploits0References5
Rows per page
Query Builder