Lucene search
K

41224 matches found

Vulnrichment
Vulnrichment
added 2026/03/27 2:52 p.m.4 views

CVE-2026-4957 OpenBMB XAgent API Key function_handler.py FunctionHandler.handle_tool_call log file

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

5.1CVSS5.5AI score0.0028EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:52 p.m.8 views

CVE-2026-4957

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

5.1CVSS5.5AI score0.0028EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/27 2:52 p.m.23 views

CVE-2026-4957 OpenBMB XAgent API Key function_handler.py FunctionHandler.handle_tool_call log file

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

5.1CVSS0.0028EPSS
Exploits1References4
CVE
CVE
added 2026/03/27 2:52 p.m.10 views

CVE-2026-4957

OpenBMB XAgent 1.0.0 is affected. The issue sits in the file XAgent/function_handler.py, inside the API Key Handler, specifically the function FunctionHandler.handle_tool_call . Manipulating the argument api_key can cause sensitive information to be written to log files. This enables a remote att...

5.1CVSS5.5AI score0.0028EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:52 p.m.1 views

CVE-2026-4956

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS5.8AI score0.00318EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/27 2:52 p.m.16 views

CVE-2026-4956

A CVE for Shenzhen Ruiming Technology Streamax Crocus 1.3.44 affecting the Parameter Handler’s DevicePrint.do?Action=ReadTask function. The vulnerability arises from manipulation of the State argument, leading to SQL injection. It is exploitable remotely and the exploit is public. The CVE notes n...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/27 2:52 p.m.26 views

CVE-2026-4956 Shenzhen Ruiming Technology Streamax Crocus Parameter DevicePrint.do sql injection

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS0.00318EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 2:52 p.m.4 views

CVE-2026-4956 Shenzhen Ruiming Technology Streamax Crocus Parameter DevicePrint.do sql injection

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:51 p.m.2 views

CVE-2026-4955

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 2:13 p.m.5 views

CVE-2026-4954 mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:13 p.m.4 views

CVE-2026-4953

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...

7.5CVSS6.7AI score0.00278EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/27 2:7 p.m.7 views

OESA-2026-1773 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classifie...

5.3CVSS4.8AI score0.00388EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/27 5:24 a.m.6 views

CVE-2026-32669

Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products...

8.8CVSS7.3AI score0.00266EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.5 views

CVE-2026-4835

A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /myaccount/addcostumer.php of the component Web Application Interface. Such manipulation of the argument costumername leads to cross site scripting. The attack may be...

5.1CVSS3.9AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.6 views

CVE-2026-4836

A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /myaccount/delete.php. Performing a manipulation of the argument cosid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public a...

6.5CVSS6.6AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.3 views

CVE-2026-4841

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit h...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.5 views

CVE-2026-4831

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...

6.3CVSS4.9AI score0.0048EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.4 views

CVE-2026-4838

A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be us...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.3 views

CVE-2026-4844

A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The...

7.5CVSS6.9AI score0.00325EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 4:16 a.m.2 views

CVE-2026-4910

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint. Such manipulation of the argument State leads to sql injection. It is possible to launch the attack...

7.5CVSS0.00259EPSS
Exploits0References4
Rows per page
Query Builder