Lucene search
+L

1861 matches found

nvd
nvd
added 4 days ago9 views

CVE-2026-15497

A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code...

7.5CVSS0.00394EPSS
Exploits0References5
nvd
nvd
added 4 days ago5 views

CVE-2026-15496

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS0.01158EPSS
Exploits0References5
nvd
nvd
added 4 days ago6 views

CVE-2026-15495

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS0.01543EPSS
Exploits0References6
cve
cve
added 4 days ago12 views

CVE-2026-15497

Affected software / component: SonicCloudOrg sonic-agent (up to 2.7.2), specifically the JWT Authentication Filter in the ExchangeController.java path. Vulnerability: code injection vulnerability reported as enabling a remote attacker to manipulate code execution. Impact (per docs): remote exploi...

7.5CVSS6.6AI score0.00394EPSS
Exploits0References5
cvelist
cvelist
added 4 days ago32 views

CVE-2026-15497 SonicCloudOrg sonic-agent JWT Authentication Filter ExchangeController.java code injection

A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code...

7.5CVSS0.00394EPSS
Exploits0References5
euvd
euvd
added 4 days ago9 views

EUVD-2026-43218

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
cvelist
cvelist
added 4 days ago33 views

CVE-2026-15496 SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command injection

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS0.01158EPSS
Exploits0References5
cve
cve
added 4 days ago14 views

CVE-2026-15496

SonicCloudOrg sonic-agent (up to version 2.7.2) contains a remote os command injection in GroovyScriptImpl.evalIsFailed within Groovy Script Handler. The vulnerable function is in sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java. Exploitation is public and report...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
cvelist
cvelist
added 4 days ago34 views

CVE-2026-15495 SonicCloudOrg sonic-agent Android WebSocket Server AndroidWSServer.java os command injection

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS0.01543EPSS
Exploits0References6
cve
cve
added 4 days ago12 views

CVE-2026-15495

The vulnerability CVE-2026-15495 affects SonicCloudOrg sonic-agent up to version 2.7.2, specifically in the Android WebSocket Server component’s AndroidWSServer.java. The issue arises from manipulating the path argument, causing os command injection. It is remotely exploitable and has public disc...

6.5CVSS6.3AI score0.01543EPSS
Exploits0References6
euvd
euvd
added 4 days ago6 views

EUVD-2026-43217

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS6.3AI score0.01543EPSS
Exploits0References6
osv
osv
added 2026/06/17 5:7 a.m.7 views

MAL-2026-6043 Malicious code in @mastra/voice-aws-nova-sonic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c109adf5a77f9ace07bb1f5ec93cd8d3464bf675b7a93abc5fdfd64669f0c75 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:46 p.m.10 views

CVE-2026-6620

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has...

6.5CVSS6.1AI score0.00346EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/05 12:0 a.m.13 views

Sanic-CORS 安全漏洞

Sanic-CORS is a cross-domain resource sharing extension developed by Ashley Sommer. Versions of Sanic-CORS 2.2.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper use of regular expressions in the trymatch function; no anchor is added at the end, allowing...

6.5CVSS5.3AI score0.00164EPSS
Exploits0References4
euvd
euvd
added 2026/04/20 9:30 a.m.5 views

EUVD-2026-23811

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has...

6.5CVSS5.3AI score0.00346EPSS
Exploits0References5
nvd
nvd
added 2026/04/20 9:16 a.m.10 views

CVE-2026-6620

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has...

6.5CVSS0.00346EPSS
Exploits0References4
cve
cve
added 2026/04/20 8:15 a.m.12 views

CVE-2026-6620

Summary: CVE-2026-6620 affects SonicCloudOrg sonic-server (≤ 2.0.0). The vulnerability is in the file upload endpoint’s Upload function (FileTool.java), where manipulation of the Type argument enables path traversal. This could be exploited remotely; an exploit is publicly available. The vendor h...

6.5CVSS6.1AI score0.00346EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/20 8:15 a.m.31 views

CVE-2026-6620 SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has...

6.5CVSS0.00346EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/04/20 8:15 a.m.5 views

CVE-2026-6620 SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has...

6.5CVSS5.3AI score0.00346EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/04/20 12:0 a.m.13 views

PT-2026-33735

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has...

6.5CVSS6.1AI score0.00346EPSS
Exploits0References5
Rows per page
Query Builder