19 matches found
Improper Neutralization of Special Elements in Data Query Logic
Overview org.springframework.ai:spring-ai-advisors-vector-store is a Chat client advisors for Spring AI Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the conversationId handling in VectorStoreChatMemoryAdvisor. An attacker...
Improper Neutralization of Special Elements in Data Query Logic
Overview org.springframework.ai:spring-ai-milvus-store is a Spring AI Vector Store - Milvus Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vecto...
GHSA-X8RX-789C-2PXQ RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests
Summary Server functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger state-changing functions, because browsers send SameSite=Lax cookies on...
CVE-2026-5323
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...
EUVD-2026-18130
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...
a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...
CVE-2026-5323 priyankark a11y-mcp index.js A11yServer server-side request forgery
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...
EUVD-2025-24938
Malicious code in bioql PyPI...
EUVD-2025-24937
Malicious code in bioql PyPI...
Function Call With Incorrect Argument Type
Overview Affected versions of this package are vulnerable to Function Call With Incorrect Argument Type due to insufficient type validation in the update function. An attacker can manipulate input data by supplying crafted objects that cause the hash state to rewind and process unintended data. P...
CVE-2025-8976
A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2025-8975
A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...
CVE-2025-8976
A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2025-8976
CVE-2025-8976 affects givanz Vvveb up to 1.0.5. The vulnerability resides in the Endpoint component’s code handling the file path /vadmin123/index.php?module=content/post&type=post, enabling cross-site scripting. The attack can be initiated remotely, and the exploit has been disclosed publicly. A...
CVE-2025-8975 givanz Vvveb edit.tpl cross site scripting
A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...
PT-2025-33404 · Unknown · Givanz Vvveb
Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions up to 1.0.5 Description: A vulnerability was identified in givanz Vvveb up to version 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to...
PT-2024-30888 · Trustmary · Trustmary Review & Testimonial Widgets
Name of the Vulnerable Software and Affected Versions: Trustmary Review & testimonial widgets versions 1.0.0 through 1.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in...
PT-2024-18027 · Watchguard · Watchguard Authpoint Password Manager
Name of the Vulnerable Software and Affected Versions: WatchGuard AuthPoint Password Manager for MacOS versions before 1.0.6 Description: The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a 'Command Injection' vulnerability. This allows an...
RHEL 3 : nfs-utils (RHSA-2004:072)
Updated nfs-utils packages that fix a flaw leading to possible rpc.mountd crashes are now available. The nfs-utils package contains the rpc.mountd program, which implements the NFS mount protocol. A flaw was discovered in versions of rpc.mountd in nfs-utils versions after 1.0.3 and prior to 1.0.6...