Lucene search
K

89 matches found

CVE
CVE
added 2026/06/28 10:0 p.m.16 views

CVE-2026-13509

RAGapp up to 0.1.5 is affected. The vulnerability lies in FileHandler.upload_file and FileHandler.remove_file (src/ragapp/backend/controllers/files.py), enabling path traversal. Exploitation can be performed remotely, and public proof-of-concept/exploitation has been disclosed. A fix via a pull r...

6.5CVSS6.1AI score0.00294EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/19 6:51 a.m.36 views

CVE-2026-6798 2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00299EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50851

Name of the Vulnerable Software and Affected Versions 2Download Connector for 2DL Hosted Checkout versions prior to 0.1.6 Description The plugin fails to properly verify user authorization before performing specific actions. This allows unauthenticated attackers to access arbitrary customer...

5.3CVSS6AI score0.00299EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50780

Name of the Vulnerable Software and Affected Versions nanobot versions prior to 0.1.5.post4 Description The WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The bridge downloads media...

8.7CVSS6AI score0.00276EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.12 views

CVE-2026-35589

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...

9.3CVSS5.5AI score0.0016EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 10:47 p.m.3 views

CVE-2026-35589

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...

10CVSS7.4AI score0.00645EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/14 10:47 p.m.4 views

EUVD-2026-22802

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...

10CVSS7.4AI score0.00645EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/14 10:47 p.m.4 views

CVE-2026-35589 nanobot: Cross-Site WebSocket Hijacking in WhatsApp Bridge (CVE-2026-2577 Fix Update)

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...

8CVSS5.9AI score0.00645EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32960

Name of the Vulnerable Software and Affected Versions nanobot versions prior to 0.1.5 Description A Cross-Site WebSocket Hijacking CSWSH issue exists in the bridge's WebSocket server within bridge/src/server.ts. The server does not validate the Origin header during the WebSocket handshake, and...

8CVSS7.4AI score0.0016EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/06 6:30 a.m.5 views

EUVD-2026-19166

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarizecommand. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access...

5.3CVSS5.5AI score0.00694EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

Summarization Functions 操作系统命令注入漏洞

Summarization Functions is an intelligent text summarization server developed by Braffolk’s individual developer. Versions of Summarization Functions prior to 0.1.5 had a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the command...

5.3CVSS6.1AI score0.00694EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.8 views

PT-2026-30562

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize command. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access...

5.3CVSS5.5AI score0.00694EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/07 9:2 p.m.7 views

EUVD-2026-5715

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...

7.5CVSS5AI score0.00554EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2026/02/07 8:26 a.m.8 views

CVE-2025-15477

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode category and id attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.7AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/07 8:26 a.m.7 views

EUVD-2025-206892

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode category and id attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.8AI score0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/07 8:26 a.m.5 views

CVE-2025-15476 The Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.7AI score0.00158EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/07 8:26 a.m.29 views

CVE-2025-15477 The Bucketlister <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode category and id attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS0.00217EPSS
Exploits0References2
CVE
CVE
added 2026/02/07 8:26 a.m.18 views

CVE-2025-15476

The CVE-2025-15476 affects the WordPress plugin The Bucketlister, specifically versions up to 0.1.5. The root cause is a missing capability check in the bucketlister_do_admin_ajax() function, allowing authenticated attackers with Subscriber-level access (and higher) to add, delete, or modify arbi...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/07 8:26 a.m.5 views

EUVD-2025-206893

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/07 12:9 a.m.7 views

WordPress The Bucketlister plugin <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Bucket List Modification vulnerability discovered by Ivan Cese in WordPress Plugin The Bucketlister versions = 0.1.5...

4.3CVSS5.4AI score0.00158EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder