Lucene search
K

10 matches found

OSV
OSV
added 2026/03/24 12:49 p.m.11 views

CVE-2026-33309 Langflow has an Arbitrary File Write (RCE) via v2 API

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

9.9CVSS6AI score0.01417EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/06/19 5:15 a.m.4 views

CVE-2023-32273

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201...

7.8CVSS6.3AI score0.00278EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.8 views

The vulnerability of the filesystem.renamer() function in the SABnzbd news reader software, which is related to errors in handling relative pathnames for directories, allows attackers to compromise data integrity.

The vulnerability of the filesystem.renamer function in the SABnzbd news reader program is related to errors in handling relative pathnames for directories. Exploiting this vulnerability could allow a malicious actor to manipulate data integrity through the use of a malicious PAR2 file...

5.3CVSS5.9AI score0.00919EPSS
Exploits0References5Affected Software2
Gitee
Gitee
added 2021/09/06 1:15 a.m.4 views

KDU

This is a Windows driver code, specifically a device driver for a fictional device called "DUMMYDRV". The code is written in C and is compiled into a Windows driver executable. The code consists of two parts: dummy.sys and dummy2.sys. Both files are Windows driver executables, but they have...

7.2AI score
Exploits0
OSV
OSV
added 2021/05/07 3:15 p.m.3 views

DEBIAN-CVE-2021-29488

SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the filesystem.renamer function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround,...

5.3CVSS5.6AI score0.00919EPSS
Exploits0References1
CNVD
CNVD
added 2020/10/29 12:0 a.m.4 views

Foxit Studio Photo Information Disclosure Vulnerability (CNVD-2020-59768)

Foxit Studio Photo is a set of image editing software from the Chinese company Foxit Foxit. An information disclosure vulnerability exists in the handling of SR2 files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied...

7.8CVSS6AI score0.02865EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/07/15 12:0 a.m.3 views

PT-2019-4352

Name of the Vulnerable Software and Affected Versions GNU Libc affected versions not specified Description The issue is related to the libld component of the GNU Libc library, which provides system calls and basic functions. It is associated with insufficient input validation, allowing a remote...

10CVSS8.1AI score0.03069EPSS
Exploits1References20
OSV
OSV
added 2019/04/08 8:29 p.m.3 views

DEBIAN-CVE-2019-1788

A vulnerability in the Object Linking & Embedding OLE2 file scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of prope...

5.5CVSS7AI score0.01839EPSS
Exploits1References1
CNVD
CNVD
added 2017/12/19 12:0 a.m.3 views

ZOHO ManageEngine Password Manager Pro Cross-Site Scripting Vulnerability

ZOHO ManageEngine Password Manager Pro PMP is a set of password management software from ZOHO. The software can record general password information, website login passwords, software registration codes and Email account passwords. A cross-site scripting vulnerability exists in the SearchResult.ec...

6.1CVSS6.2AI score0.01547EPSS
Exploits0References1
OSV
OSV
added 2016/11/17 5:59 a.m.3 views

DEBIAN-CVE-2016-9373

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private...

5.9CVSS6.4AI score0.01717EPSS
Exploits0References1
Rows per page
Query Builder