Lucene search
K

559 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-6618

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parseopenaipluginjsontotoolbundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...

6.5CVSS6.1AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.14 views

CVE-2026-9443

A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The manipulation of the argument L2TPUserName leads to buffer overflow. The attack may be initiated...

9CVSS7.8AI score0.00589EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.13 views

PT-2026-43116

Name of the Vulnerable Software and Affected Versions changmingxie tcc-transaction versions prior to 2.1.1 Description A remote deserialization issue exists within the Fastjson AutoType REST API component. The flaw is located in the Fastjson.parseObject function, which allows an attacker to trigg...

6.5CVSS6.7AI score0.00338EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/17 10:0 p.m.25 views

CVE-2026-8765

A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It...

5.3CVSS5.5AI score0.0058EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-7689

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/20 3:34 a.m.7 views

EUVD-2026-23729

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function downloadmodel/deletemodel of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched...

6.9CVSS6.2AI score0.00433EPSS
Exploits0References5
CVE
CVE
added 2026/04/20 12:45 a.m.10 views

CVE-2026-6590

ComfyUI (up to version 0.13.0) contains a path traversal vulnerability in the Model Preview Endpoint (get_model_preview in app/model_manager.py). The issue can be triggered remotely, and an exploit is publicly available. Impact details are described in the CVE entries, but remediation steps are n...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30564

Name of the Vulnerable Software and Affected Versions ChrisChinchilla Vale-MCP versions up to 0.1.0 Description A vulnerability exists in ChrisChinchilla Vale-MCP up to version 0.1.0, specifically within the file src/index.ts of the HTTP Interface component. The manipulation of the config path...

5.3CVSS5.8AI score0.00694EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2026/03/27 4:38 a.m.90 views

security-research

Security Research & Vulnerability Proof-of-Concepts Welcome t...

6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/21 10:2 a.m.2 views

CVE-2026-4513 vanna-ai vanna base.py ask sql injection

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...

6.5CVSS5.6AI score0.00196EPSS
Exploits0References4
NVD
NVD
added 2026/03/11 1:16 p.m.7 views

CVE-2026-3943

A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaaportalauthlocalsubmit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

7.5CVSS0.40802EPSS
Exploits0References4
OSV
OSV
added 2026/02/22 2:16 p.m.9 views

CVE-2026-2947

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed...

5.4CVSS4.1AI score0.00276EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.8 views

PT-2026-21455

Name of the Vulnerable Software and Affected Versions Dromara UJCMS version 10.0.2 Description A flaw exists in Dromara UJCMS version 10.0.2 within the ImportDataController component. Specifically, the importChanel function, located in the file /api/backend/ext/import-data/import-channel, is...

6.5CVSS6.3AI score0.00331EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/11 12:19 p.m.2 views

CVE-2025-8025

Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from 3.0.1 through 11022026. NOTE: The vendor was contacted early about...

9.8CVSS5.4AI score0.00513EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.6 views

CVE-2025-1537

A vulnerability was found in Harpia DiagSystem 12. It has been rated as critical. This issue affects some unknown processing of the file /diagsystem/PACS/atualatendimentojpeg.php. The manipulation of the argument codexame leads to sql injection. The attack may be initiated remotely. The exploit h...

6.5CVSS7.1AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:8 a.m.7 views

CVE-2024-2514

A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. T...

9.8CVSS7.3AI score0.00628EPSS
Exploits0References1
OSV
OSV
added 2025/12/07 5:15 p.m.6 views

CVE-2025-14198

A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out...

6.9CVSS5.5AI score0.00403EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/07 8:32 a.m.17 views

CVE-2025-14187 UGREEN DH2100+ nas_svr create handler_file_backup_create buffer overflow

A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The...

8.6CVSS0.00585EPSS
Exploits0References4
OSV
OSV
added 2025/12/04 6:15 p.m.5 views

CVE-2025-14011

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...

7.2CVSS4.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.5 views

PT-2025-48415

A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attack...

6.5CVSS6.7AI score0.00326EPSS
Exploits1References6
Rows per page
Query Builder