Lucene search
+L

39 matches found

OSV
OSV
added 2 days ago3 views

CVE-2026-61643 FastGPT: workflow runtime can execute another user's private HTTP toolset

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, an authenticated FastGPT user can save a workflow node that points to another user's private HTTP toolset by using a crafted saved tool id such as http-/. The normal toolset routes deny access, but the workflow...

5.9CVSS6.2AI score0.00154EPSS
Exploits0References4
NVD
NVD
added 3 days ago8 views

CVE-2026-15668

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS0.00228EPSS
Exploits0References6
OSV
OSV
added 3 days ago4 views

CVE-2026-15668 louisho5 picobot web Tool web.go WebTool.Execute server-side request forgery

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

5.3CVSS6.2AI score0.00228EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-15668 louisho5 picobot web Tool web.go WebTool.Execute server-side request forgery

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS0.00228EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 5:51 p.m.31 views

CVE-2026-11720

The CVE-2026-11720 entry describes a path traversal flaw in the HTTP tool URL builder of googleapis/mcp-toolbox. User-controlled pathParams are substituted into a configured tool path and then parsed as a relative URL; while scheme/host/user info are checked, final resolution uses ResolveReferenc...

9.3CVSS5.8AI score0.00374EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/12 8:36 p.m.5 views

CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

4.6CVSS5.8AI score0.00162EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/12 8:36 p.m.23 views

CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

4.6CVSS0.00162EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.6 views

CISA Software Acquisition Guide Supplier Response Web Tool 安全漏洞

CISA Software Acquisition Guide Supplier Response Web Tool is an interactive Web tool from the CISA organization in the United States. A security vulnerability exists in versions of the CISA Software Acquisition Guide Supplier Response Web Tool prior to 2025-12-11, which stems from a cross-site...

6.1CVSS6.1AI score0.00162EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/11 9:30 p.m.9 views

CVE-2025-49145

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks mostly administrators can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...

8.7CVSS6.6AI score0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-15961

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00453EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2025/08/28 4:8 p.m.133 views

trashhost

xss tool and sqli detector...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 12:20 a.m.11 views

CVE-2025-44897

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftpsrvip parameter in the webtoolupgradeManagerpost function...

9.8CVSS7.9AI score0.00453EPSS
Exploits1References1
NVD
NVD
added 2025/05/20 9:15 p.m.16 views

CVE-2025-44897

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftpsrvip parameter in the webtoolupgradeManagerpost function...

9.8CVSS0.00453EPSS
Exploits1References1
CVE
CVE
added 2025/05/20 12:0 a.m.60 views

CVE-2025-44897

The CVE-2025-44897 issue affects FW-WGS-804HPT v1.305b241111, with a stack overflow discovered in the bytftp_srvip parameter of the web_tool_upgradeManager_post function. Reported CVSSv3.1 is 9.8 (CRITICAL) with NETWORK attack vector, no user interaction, and impacts to confidentiality, integrity...

9.8CVSS8.1AI score0.00453EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/20 12:0 a.m.12 views

CVE-2025-44897

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftpsrvip parameter in the webtoolupgradeManagerpost function...

7.8AI score0.00453EPSS
Exploits1References1
NVD
NVD
added 2025/05/14 4:15 p.m.22 views

CVE-2025-24969

iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue...

5CVSS0.00229EPSS
Exploits0References1
NVD
NVD
added 2025/05/14 3:15 p.m.17 views

CVE-2025-24785

iTop is an web based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layoutclass before saving th...

4.3CVSS0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/20 12:0 a.m.7 views

PT-2025-22306 · Unknown · Fw-Wgs-804Hpt

Name of the Vulnerable Software and Affected Versions: FW-WGS-804HPT version 1.305b241111 Description: A stack overflow issue was discovered via the bytftp srvip parameter in the web tool upgradeManager post function. Recommendations: For FW-WGS-804HPT version 1.305b241111, consider disabling the...

9.8CVSS6.8AI score0.00453EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of the Butterfly web application development tool lies in the improper restriction on the path to the restricted catalog, which allows a hacker to perform an SSRF attack.

The vulnerability of the Butterfly web application development tool is related to an incorrect limitation on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to perform a SSRF attack remotely...

9.4CVSS7.7AI score0.01602EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/26 12:0 a.m.7 views

The vulnerability in the iTop web tool for managing IT services arises from an incorrect limitation on the path to the restricted access catalog, allowing a perpetrator to disclose protected information.

The vulnerability of the iTop IT service management web tool is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

5CVSS5.5AI score0.00684EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder