CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

118 matches found

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS6.3AI score0.00036EPSS

Exploits0References1

Nuclei•added yesterday•11 views

D-Tale 3.10.0 - 3.15.1 - Authentication Bypass & Remote Code Execution

man-group/dtale 3.10.0 contains an authentication bypass and remote code execution caused by improper input validation and a hardcoded SECRETKEY in Flask configuration, letting attackers forge session cookies and execute arbitrary code, exploit requires attacker to access the application. id:...

9.8CVSS8.1AI score0.91737EPSS

Exploits5References2

NVD•added 5 days ago•6 views

CVE-2026-10152

6.5CVSS0.00036EPSS

Exploits0References5

CVE•added 5 days ago•9 views

CVE-2026-10152

TaleLin lin-cms-spring-boot up to 0.2.1 contains an access-control issue in the BookEndpoint path BookController.java. The underlying cause is stated as improper access controls due to some unknown file processing, with a remote attack possibility and public exploit availability. No specific vuln...

6.5CVSS6.3AI score0.00036EPSS

Exploits0References5

Cvelist•added 5 days ago•27 views

CVE-2026-10152 TaleLin lin-cms-spring-boot book Endpoint BookController.java access control

6.5CVSS0.00036EPSS

Exploits0References5

RedhatCVE•added 2026/04/07 11:1 p.m.•1 views

CVE-2026-35052

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

9.8CVSS6.5AI score0.00124EPSS

Exploits0References1

NVD•added 2026/04/06 6:16 p.m.•1 views

CVE-2026-35052

9.8CVSS0.00124EPSS

Exploits0References1

Vulnrichment•added 2026/04/06 5:32 p.m.•1 views

CVE-2026-35052 D-Tale affected by Remote Code Execution through redis/shelf storage

5.3CVSS6.5AI score0.00124EPSS

Exploits0References1

Cvelist•added 2026/04/06 5:32 p.m.•13 views

CVE-2026-35052 D-Tale affected by Remote Code Execution through redis/shelf storage

5.3CVSS0.00124EPSS

Exploits0References1

CVE•added 2026/04/06 5:32 p.m.•6 views

CVE-2026-35052

D-Tale (Flask backend + React frontend) prior to version 3.22.0 is vulnerable when hosted publicly with Redis or shelf storage, allowing remote code execution on the server. The issue stems from how the global state/storage could be exploited; upgrading to 3.22.0 fixes the vulnerability. Affected...

9.8CVSS6.5AI score0.00124EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/06 5:32 p.m.•0 views

CVE-2026-35052

5.3CVSS6.5AI score0.00124EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/04/06 12:0 a.m.•3 views

Man D-Tale 跨站脚本漏洞

Man D-Tale is a visualization tool for pandas data structures within the Man company. Versions of Man D-Tale prior to 3.22.0 contained a cross-site scripting vulnerability. This vulnerability could lead to remote code execution attacks when using Redis or Shelf storage layers...

9.8CVSS6.3AI score0.00124EPSS

Exploits0References2

Veracode•added 2026/04/04 5:28 a.m.•4 views

Remote Code Execution

D-Tale is vulnerable to Remote Code Execution. The vulnerability is due to the use of redis or shelf storage layer, where users hosting D-Tale publicly could allow attackers to run malicious code on the server...

9.8CVSS5.5AI score0.00124EPSS

Exploits0References2Affected Software1

OSV•added 2026/04/03 3:44 a.m.•0 views

GHSA-436G-FHFC-9G5W D-Tale: Remote Code Execution through redis/shelf storage

Impact Users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.22.0. Workarounds There are no workarounds for versions 3.22.0...

5.3CVSS6.5AI score0.00124EPSS

Exploits0References3

Github Security Blog•added 2026/04/03 3:44 a.m.•4 views

D-Tale: Remote Code Execution through redis/shelf storage

9.8CVSS6.5AI score0.00124EPSS

Exploits0References3Affected Software1

NVD•added 2026/02/21 5:17 a.m.•2 views

CVE-2026-27194

D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue...

9.8CVSS0.00148EPSS

Exploits0References2

CVE•added 2026/02/21 4:25 a.m.•6 views

CVE-2026-27194

D-Tale (Python package dtale) is affected by CVE-2026-27194 due to a flaw in the /save-column-filter endpoint that allows Remote Code Execution. The issue arises from improper validation when constructing column filters via pandas DataFrame.query(), enabling an attacker to execute arbitrary code ...

9.8CVSS6.7AI score0.00148EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/02/21 4:25 a.m.•2 views

CVE-2026-27194

9.3CVSS6.7AI score0.00148EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/02/21 4:25 a.m.•21 views

CVE-2026-27194 D-Tale affected by Remote Code Execution through the /save-column-filter endpoint

9.3CVSS0.00148EPSS

Exploits0References2

Vulnrichment•added 2026/02/21 4:25 a.m.•3 views

CVE-2026-27194 D-Tale affected by Remote Code Execution through the /save-column-filter endpoint