Lucene search

219 matches found

EUVD
added 2026/06/22 5:21 p.m., 7 views

EUVD-2026-38332

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

CVSS 5.1 | AI score 5.9 | EPSS 0.00157
Exploits: 0 | References: 2

Cvelist
added 2026/06/22 5:21 p.m., 37 views

CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

CVSS 5.1 | EPSS 0.00157
Exploits: 0 | References: 2

CVE
added 2026/06/22 5:21 p.m., 13 views

CVE-2026-55443

CVE-2026-55443 describes a path traversal / sandbox-escape flaw in LangChain prior to 1.3.9. The vulnerability arises when components that resolve filesystem paths or expand search patterns fail to confine results to a trusted root, allowing untrusted inputs (paths, globs, symlinks, or LLM-influe...

CVSS 5.5 | AI score 5.9 | EPSS 0.00157
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/06/05 7:33 p.m., 7 views

CVE-2026-27787

Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

CVSS 5.4 | AI score 6.3 | EPSS 0.00155
Exploits: 0 | References: 1

EUVD
added 2026/04/08 9:31 a.m., 4 views

EUVD-2026-20379

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Frontend Profile: from n/a through <= 1.3.9...

CVSS 5.3 | AI score 5.9 | EPSS 0.00218
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/08 8:30 a.m., 1 view

CVE-2026-39688 WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Frontend Profile: from n/a through <= 1.3.9...

CVSS 5.3 | AI score 5.9 | EPSS 0.00218
Exploits: 0 | References: 1

Cvelist
added 2026/04/08 8:30 a.m., 22 views

CVE-2026-39688 WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Frontend Profile: from n/a through <= 1.3.9...

CVSS 5.3 | EPSS 0.00218
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/08 8:30 a.m., 5 views

CVE-2026-39688

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Frontend Profile: from n/a through <= 1.3.9...

CVSS 5.3 | AI score 5.9 | EPSS 0.00218
Exploits: 0 | References: 2

EUVD
added 2026/04/08 6:31 a.m., 7 views

EUVD-2026-20052

Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

CVSS 5.4 | AI score 6.2 | EPSS 0.00155
Exploits: 0 | References: 3

CVE
added 2026/04/08 5:11 a.m., 17 views

CVE-2026-27787

MATCHA SNS contains a cross-site scripting vulnerability (CVE-2026-27787) affecting version 1.3.9 and earlier. The root cause is an XSS flaw that could allow arbitrary script execution in a user’s browser when visiting a compromised page. Public sources in connected documents confirm affected ver...

CVSS 5.4 | AI score 6.2 | EPSS 0.00155
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/08 5:11 a.m., 3 views

CVE-2026-27787

Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

CVSS 5.4 | AI score 6.2 | EPSS 0.00155
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/08 12:0 a.m., 8 views

PT-2026-31084

Name of the Vulnerable Software and Affected Versions: MATCHA SNS versions prior to 1.4.0. Description: A cross-site scripting issue exists. Successful exploitation could allow an attacker to execute arbitrary scripts in a user's web browser when they access the website. Recommendations: Update to...

CVSS 5.4 | AI score 6.5 | EPSS 0.00155
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/08 12:0 a.m., 4 views

PT-2026-31250

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Frontend Profile: from n/a through <= 1.3.9...

CVSS 5.3 | AI score 5.9 | EPSS 0.00218
Exploits: 0 | References: 3

CNNVD
added 2026/04/08 12:0 a.m., 9 views

WordPress plugin WP Frontend Profile security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3 | AI score 5.8 | EPSS 0.00218
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:18 p.m., 2 views

CVE-2026-32341

Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Benevolent: from n/a through = 1.3.9...

CVSS 5.3 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 1

OSV
added 2026/03/17 8:33 p.m., 3 views

GHSA-2CPP-J2FC-QHP7 AWS API MCP File Access Restriction Bypass

Description: The AWS API MCP Server is an open source Model Context Protocol (MCP) server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls. Thi...

CVSS 6.8 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 6

GitHub Security Blog
added 2026/03/17 8:33 p.m., 6 views

AWS API MCP File Access Restriction Bypass

Description: The AWS API MCP Server is an open source Model Context Protocol (MCP) server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls. Thi...

CVSS 6.8 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 6 | Affected Software: 2

Snyk
added 2026/03/16 6:55 p.m., 4 views

Improper Protection of Alternate Path

Overview: awslabs.aws-api-mcp-server is a Model Context Protocol (MCP) server for interacting with AWS. Affected versions of this package are vulnerable to Improper Protection of Alternate Path through the AWS CLI shorthand parser in awsapimcpserver/core/aws/services.py. An attacker can read arbitrar...

CVSS 6.8 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/16 4:7 p.m., 2 views

CVE-2026-4270 AWS API MCP File Access Restriction Bypass

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

CVSS 6.8 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 2

CVE
added 2026/03/16 4:7 p.m., 15 views

CVE-2026-4270

CVE-2026-4270 affects AWS API MCP Server (versions >= 0.2.14 and

CVSS 6.8 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 2 | Affected Software: 1