Lucene search
K

19 matches found

Snyk
Snyk
added 2026/04/27 12:0 a.m.5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-advisors-vector-store is a Chat client advisors for Spring AI Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the conversationId handling in VectorStoreChatMemoryAdvisor. An attacker...

8.2CVSS5.8AI score0.00233EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/27 12:0 a.m.4 views

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-milvus-store is a Spring AI Vector Store - Milvus Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vecto...

8.8CVSS5.8AI score0.00394EPSS
Exploits0References2
OSV
OSV
added 2026/04/08 12:12 a.m.4 views

GHSA-X8RX-789C-2PXQ RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests

Summary Server functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger state-changing functions, because browsers send SameSite=Lax cookies on...

8.1CVSS5.8AI score0.0021EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/03 10:58 a.m.5 views

CVE-2026-5323

A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...

5.3CVSS5.4AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/02 9:30 a.m.5 views

EUVD-2026-18130

A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...

5.3CVSS5.6AI score0.0013EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/02 9:30 a.m.6 views

a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function

A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...

5.3CVSS5.4AI score0.0013EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 6:15 a.m.3 views

CVE-2026-5323 priyankark a11y-mcp index.js A11yServer server-side request forgery

A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...

5.3CVSS5.6AI score0.0013EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24938

Malicious code in bioql PyPI...

5.4CVSS4.8AI score0.00264EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-24937

Malicious code in bioql PyPI...

5.4CVSS4.8AI score0.00256EPSS
Exploits1References5
Snyk
Snyk
added 2025/08/20 10:43 p.m.3 views

Function Call With Incorrect Argument Type

Overview Affected versions of this package are vulnerable to Function Call With Incorrect Argument Type due to insufficient type validation in the update function. An attacker can manipulate input data by supplying crafted objects that cause the hash state to rewind and process unintended data. P...

9.1CVSS7AI score0.0047EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/16 7:24 p.m.9 views

CVE-2025-8976

A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

5.4CVSS6.7AI score0.00256EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/16 7:23 p.m.10 views

CVE-2025-8975

A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...

5.4CVSS6.5AI score0.00264EPSS
Exploits1References1
OSV
OSV
added 2025/08/14 7:15 p.m.5 views

CVE-2025-8976

A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

5.4CVSS6.5AI score
Exploits0References5
CVE
CVE
added 2025/08/14 7:2 p.m.19 views

CVE-2025-8976

CVE-2025-8976 affects givanz Vvveb up to 1.0.5. The vulnerability resides in the Endpoint component’s code handling the file path /vadmin123/index.php?module=content/post&type=post, enabling cross-site scripting. The attack can be initiated remotely, and the exploit has been disclosed publicly. A...

5.4CVSS6.6AI score0.00256EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/08/14 6:32 p.m.10 views

CVE-2025-8975 givanz Vvveb edit.tpl cross site scripting

A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...

5.1CVSS0.00264EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.7 views

PT-2025-33404 · Unknown · Givanz Vvveb

Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions up to 1.0.5 Description: A vulnerability was identified in givanz Vvveb up to version 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to...

5.4CVSS3.8AI score0.00264EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2024/10/06 12:0 a.m.3 views

PT-2024-30888 · Trustmary · Trustmary Review & Testimonial Widgets

Name of the Vulnerable Software and Affected Versions: Trustmary Review & testimonial widgets versions 1.0.0 through 1.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.4 views

PT-2024-18027 · Watchguard · Watchguard Authpoint Password Manager

Name of the Vulnerable Software and Affected Versions: WatchGuard AuthPoint Password Manager for MacOS versions before 1.0.6 Description: The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a 'Command Injection' vulnerability. This allows an...

7.8CVSS7.5AI score0.00721EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.20 views

RHEL 3 : nfs-utils (RHSA-2004:072)

Updated nfs-utils packages that fix a flaw leading to possible rpc.mountd crashes are now available. The nfs-utils package contains the rpc.mountd program, which implements the NFS mount protocol. A flaw was discovered in versions of rpc.mountd in nfs-utils versions after 1.0.3 and prior to 1.0.6...

5CVSS5.5AI score0.01734EPSS
Exploits1References4
Rows per page
Query Builder