Lucene search
+L

3482 matches found

EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-45425

A vulnerability was identified in geex-arts django-jet up to 1.0.8. This affects an unknown function of the file jet/dashboard/views.py of the component Dashboard Module. Such manipulation leads to authorization bypass. The attack can be executed remotely. The exploit is publicly available and...

6.5CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added yesterday11 views

EUVD-2026-45387

A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handlerpcrequest of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. The...

7.5CVSS7AI score
Exploits0References8
EUVD
EUVD
added yesterday7 views

EUVD-2025-210488

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permissions at the root, namespace, or database level to define custom database functions via DEFINE FUNCTION using nested FOR loops. Although a single loop's iteration count is...

7.1CVSS5.4AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-16077

AstrBotDevs AstrBot up to 4.25.5 is affected by a vulnerability in the function _normalize_rw_path within astrbot/core/tools/computer_tools/fs.py of the Filesystem Computer-Use Tool. The issue arises from a manipulation that enables link following, with exploitation possible only from local acces...

5.3CVSS5.4AI score0.00168EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 3 days ago8 views

CVE-2026-15909

A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument kdcs leads to authorization bypass. The attack is possible to be carried out remotely. This produ...

6.5CVSS6.3AI score0.00211EPSS
Exploits0References5
NVD
NVD
added 5 days ago9 views

CVE-2026-15668

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS0.00228EPSS
Exploits0References6
NVD
NVD
added 6 days ago5 views

CVE-2026-15535

A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...

6.5CVSS0.00247EPSS
Exploits0References7
CVE
CVE
added 6 days ago14 views

CVE-2026-15528

CVE-2026-15528 affects lamaalrajih/kicad-mcp up to 3.3.1. The vulnerability is in kicad_mcp/utils/path_validator.py where manipulating the arguments project_path or schematic_path causes a protection mechanism failure. Local exploitation is required, and the exploit has been made public. The proj...

4.8CVSS5.8AI score0.00113EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago11 views

EUVD-2026-43253

A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component pig-codegen. Such manipulation leads to...

6.5CVSS6.3AI score0.00376EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-15517 Jinher OA PlanGiveOut.aspx sql injection

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...

7.5CVSS0.00254EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago10 views

EUVD-2026-43259

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added last week38 views

CVE-2026-15514 Metasoft 美特软件 MetaCRM PHPRPC Remote Call rpc.jsp RPCService.query sql injection

A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpcargs can lead to sql injection. T...

7.5CVSS0.00254EPSS
Exploits0References5
CVE
CVE
added last week20 views

CVE-2026-15509

Leantime up to 3.8.0 is affected by a vulnerability in the JSON-RPC Endpoint functions editUser/addUser where manipulating the role argument leads to improper authorization. The issue is exploitable remotely and has been publicly disclosed; vendor response was not provided. Affected impact includ...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References5
EUVD
EUVD
added last week9 views

EUVD-2026-43246

A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. This manipulation of the argument pmetaData causes cross site scripting. The attack may be initiated remotely. The vendo...

5.1CVSS4.6AI score0.00195EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week3 views

CVE-2026-15502

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/07/12 12:0 p.m.9 views

EUVD-2026-43222

A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function getonlineplugins of the file astrbot/dashboard/routes/plugin.py of the component marketlist Endpoint. Executing a manipulation of the argument customregistry can lead to server-side...

6.5CVSS6.4AI score0.00209EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/12 11:15 a.m.8 views

EUVD-2026-43219

A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code...

7.5CVSS6.6AI score0.00394EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/12 11:0 a.m.37 views

CVE-2026-15496 SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command injection

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS0.01158EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/12 11:0 a.m.10 views

EUVD-2026-43218

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
CVE
CVE
added 2026/07/12 10:45 a.m.15 views

CVE-2026-15495

The vulnerability CVE-2026-15495 affects SonicCloudOrg sonic-agent up to version 2.7.2, specifically in the Android WebSocket Server component’s AndroidWSServer.java. The issue arises from manipulating the path argument, causing os command injection. It is remotely exploitable and has public disc...

6.5CVSS6.3AI score0.01543EPSS
Exploits0References6
Rows per page
Query Builder