14240 matches found

Positive Technologies
added 2026/05/14 12:0 a.m. | 11 views

PT-2026-41216

Name of the Vulnerable Software and Affected Versions: deepobj versions prior to 1.0.3. Description: Prototype pollution occurs when property paths contain __proto__, constructor, or prototype. This issue arises when property paths are exposed as user input, allowing an attacker to modify the prototype...

CVSS 8.2 | AI score 5.8 | EPSS 0.00316
Exploits: 0 | References: 4

OSV
added 2026/05/12 10:24 p.m. | 7 views

GHSA-CCFQ-2454-F5XW SillyTavern has a SSRF vulnerability in the CORS proxy middleware

Resolution: SillyTavern 1.18.0 added a generic server-side request filter, Private Request Whitelisting. Since we expect users to use the application in a trusted environment, the filter is disabled by default; however, it is strongly advised to be enabled and properly configured when an instance is...

CVSS 6.9 | AI score 5.8 | EPSS 0.00375
Exploits: 0 | References: 4

NVD
added 2026/05/12 10:16 p.m. | 21 views

CVE-2026-44262

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

CVSS 9.4 | EPSS 0.0586
Exploits: 3 | References: 2

Vulnrichment
added 2026/05/12 8:56 p.m. | 8 views

CVE-2026-44262 Scramble: Remote code execution via evaluation of user-controlled input in validation rules

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

CVSS 9.4 | AI score 6.1 | EPSS 0.0586
Exploits: 3 | References: 2

Cvelist
added 2026/05/12 8:56 p.m. | 67 views

CVE-2026-44262 Scramble: Remote code execution via evaluation of user-controlled input in validation rules

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

CVSS 9.4 | EPSS 0.0586
Exploits: 3 | References: 2

CVE
added 2026/05/12 8:56 p.m. | 42 views

CVE-2026-44262

CVE-2026-44262 affects dedoc/scramble (Laravel API documentation generator) versions 0.13.2–0.13.21. The vulnerability arises when publicly accessible docs endpoints evaluate user-controlled input via NodeRulesEvaluator::doEvaluateExpression(), which may evaluate request data and execute arbitrar...

CVSS 9.4 | AI score 6.1 | EPSS 0.0586
Exploits: 3 | References: 2

ATTACKERKB
added 2026/05/12 8:3 p.m. | 7 views

CVE-2026-34668

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitatio...

CVSS 6.2 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 2

NVD
added 2026/05/12 2:17 p.m. | 9 views

CVE-2026-6865

CWE-22: Improper Limitation of a Pathname to a Restricted Directory “Path Traversal” vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing...

CVSS 7.1 | EPSS 0.00303
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/12 12:29 p.m. | 5 views

CVE-2026-6865

CWE-22: Improper Limitation of a Pathname to a Restricted Directory “Path Traversal” vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing...

CVSS 7.1 | AI score 5.8 | EPSS 0.00303
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2026/05/12 12:29 p.m. | 25 views

CVE-2026-6865

CVE-2026-6865 corresponds to a path traversal vulnerability (CWE-22) arising from improper handling of user-supplied input during server-side file path processing. The connected records describe the issue as allowing unauthorized access to sensitive files due to pathname limitations, with a CVSSv...

CVSS 7.1 | AI score 5.8 | EPSS 0.00303
Exploits: 0 | References: 1

Cvelist
added 2026/05/12 8:21 a.m. | 35 views

CVE-2026-41551

A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...

CVSS 9.3 | EPSS 0.00487
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/12 2:20 a.m. | 9 views

CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

CVSS 3.4 | AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/12 2:20 a.m. | 9 views

CVE-2026-34260

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

CVSS 9.6 | AI score 5.9 | EPSS 0.00466
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/12 12:0 a.m. | 9 views

PT-2026-40547

Name of the Vulnerable Software and Affected Versions: SillyTavern versions prior to 1.18.0. Description: SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. A reflected Cross-Site Scripting (XSS) issu...

CVSS 6.9 | AI score 6 | EPSS 0.00323
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/12 12:0 a.m. | 12 views

PT-2026-40019

Name of the Vulnerable Software and Affected Versions: Multiple Products (affected versions not specified). Description: A path traversal issue occurs when user-supplied input is improperly handled during server-side file path processing. This can lead to unauthorized access to sensitive files by...

CVSS 7.1 | AI score 5.8 | EPSS 0.00303
Exploits: 0 | References: 5

CNNVD
added 2026/05/12 12:0 a.m. | 13 views

SAP S/4HANA SQL injection vulnerability

SAP S/4HANA is an enterprise resource management software developed by SAP, a German company, based on the SAP HANA memory database system. SAP S/4HANA has a SQL injection vulnerability. This vulnerability allows authenticated attackers to inject malicious SQL statements through user-controlled...

CVSS 9.6 | AI score 6.1 | EPSS 0.00466
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/12 12:0 a.m. | 10 views

PT-2026-40282

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

CVSS 6.5 | AI score 5.8 | EPSS 0.00202
Exploits: 0 | References: 3

EUVD
added 2026/05/11 6:31 p.m. | 8 views

EUVD-2026-29056

Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

CVSS 5.1 | AI score 6 | EPSS 0.00318
Exploits: 0 | References: 2

NVD
added 2026/05/11 4:17 p.m. | 13 views

CVE-2026-3320

Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

CVSS 5.1 | EPSS 0.00318
Exploits: 0 | References: 1

CVE
added 2026/05/11 2:26 p.m. | 15 views

CVE-2026-3319

CVE-2026-3319: Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-supplied input is insecurely reflected in HTML output at the /collection/ endpoint, enabling arbitrary JavaScript execution. CVSSv4.0 base score 5.1 (Medium) with network attack v...

CVSS 5.1 | AI score 6 | EPSS 0.00318
Exploits: 0 | References: 1