Lucene search
K

39 matches found

RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.17 views

CVE-2026-44660

A flaw was found in UltraJSON, a fast JSON encoder and decoder. When the ujson.dump function attempts to write data to a file-like object and an error occurs during this operation, the memory allocated for the serialized JSON string is not properly released. This continuous failure to deallocate...

8.7CVSS5AI score0.00421EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2026/05/27 8:42 p.m.8 views

CVE-2026-44660

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

8.7CVSS5.8AI score0.00421EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/04/28 6:45 a.m.9 views

CVE-2026-7237 AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal

A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...

7.5CVSS7AI score0.00448EPSS
Exploits0References7
CVE
CVE
added 2026/04/28 6:45 a.m.14 views

CVE-2026-7237

Technical details about CVE-2026-7237 are not publicly available in the provided documents. Monitor for updates.

7.5CVSS7.1AI score0.00448EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/28 6:45 a.m.34 views

CVE-2026-7237 AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal

A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...

7.5CVSS0.00448EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.8 views

scaffold-mcp 路径遍历漏洞

Scaffold-mcp is a scaffolding tool developed by AgiFlow for quickly building model context protocols. Versions of scaffold-mcp 1.0.27 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the filepath parameter in the packages/scaffold-mcp/src/server/index.ts file...

7.5CVSS7.2AI score0.00448EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35682

A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument file path results in path traversal. The attack may b...

7.5CVSS5.1AI score0.00448EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/14 9:53 p.m.18 views

CVE-2026-33020 libsixel: Integer Overflow in write_png_to_file() leads to Heap-based Buffer Overflow

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixelframeconverttorgb888 in frame.c, where allocation size and pointer offset computations for palettised images PAL1, PAL...

7.1CVSS0.00205EPSS
Exploits1References2
CVE
CVE
added 2026/04/05 7:0 p.m.23 views

CVE-2026-5595

The CVE-2026-5595 entry affects griptape-ai griptape 0.19.4, specifically the FileManagerTool functions load_files_from_disk, list_files_from_disk, save_content_to_file, and save_memory_artifacts_to_disk, with a path traversal flaw. The issue can be exploited remotely and the exploit has been pub...

6.5CVSS6.1AI score0.00339EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 12:0 a.m.2 views

CVE-2026-29870

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...

7.6CVSS6.3AI score0.00578EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/10 9:22 a.m.25 views

CVE-2026-0831 Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write

The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the savetemplatetofile function where user-controlled parameters like sessionid, contentid, and aipageids are used to construct file...

5.3CVSS0.00233EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.4 views

WordPress plugin Templately 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.6AI score0.00233EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/17 5:18 a.m.3 views

CVE-2025-10057 WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the writetocustomfile function writing unfiltered PHP code to a file. This makes it possible for authenticated attackers,...

8.8CVSS7.2AI score0.0068EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.5 views

Smart PLC AC14xx and Smart PLC AC4xxS Operating System Command Injection Vulnerability

The ifm electronic Smart PLC AC14xx and ifm electronic Smart PLC AC4xxS are a series of hosts/gateways from ifm electronic, Germany. An operating system command injection vulnerability exists in Smart PLC AC14xx and Smart PLC AC4xxS versions 4.3.17 and earlier, which originates from a remote...

7.2CVSS7.7AI score0.00766EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/06/07 12:0 a.m.7 views

Fedora: Security Advisory for rust-uu_tee (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OSV
OSV
added 2024/01/09 6:15 p.m.2 views

CVE-2024-20677

A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have acces...

7.8CVSS7.6AI score0.0326EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.4 views

OroPlatform Path Traversal Vulnerability

OroPlatform is a PHP Business Application Platform BAP designed to make the development of custom business applications easier and faster. A path traversal vulnerability exists in OroPlatform versions prior to 5.0.9, which stems from the presence of a path traversal vulnerability that allows an...

9.8CVSS6.8AI score0.00946EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.5 views

SUSE CVE-2014-3460

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname...

6.8CVSS7.1AI score0.03267EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.3 views

SUSE CVE-2019-12449

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move and copy with GFILECOPYALLMETADATA operations from admin:// to file:// URIs, because root privileges are unavailable...

5.7CVSS7AI score0.0184EPSS
Exploits0References6
Kitploit
Kitploit
added 2022/12/05 11:30 a.m.26 views

Scscanner - Tool To Read Website Status Code Response From The Lists

scscanner is tool to read website status code response from the lists. This tool have ability to filter only spesific status code, and save the result to a file. Feature Slight dependency. This tool only need curl to be installed Multi-processing. Scanning will be more faster with multi-processin...

7.5AI score
Exploits0References3
Rows per page
Query Builder