Lucene search
K
VulnrichmentRecent

160586 matches found

Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-14653 SourceCodester Simple and Nice Shopping Cart Script mensproductdeletequery.php sql injection

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument userid causes sql injection. Remote exploitation of the attack is possible. The exploit has...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2024-1248 Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

4.8CVSS5.9AI score0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14652 SourceCodester Simple and Nice Shopping Cart Script Admin Login login.php sql injection

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit ha...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14651 connorskees grass visitor denial of service

A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grasscompiler::selector::extend/grasscompiler::evaluate::visitor. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the publi...

4.8CVSS5.1AI score0.00115EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14650 connorskees grass UTF-8 Character raw_to_parse_error denial of service

A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grasscompiler::rawtoparseerror of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been publishe...

4.8CVSS5.5AI score0.00116EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14648 code-projects Online Voting System Login authentication.php test_input sql injection

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function testinput of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to...

7.5CVSS6.8AI score0.00347EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14647 onnx onnxruntime old.cc convPoolShapeInference_opset19 out-of-bounds

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInferenceopset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has bee...

5.3CVSS5.4AI score0.00253EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14642 SourceCodester Class and Exam Timetabling System edit_class2.php sql injection

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /editclass2.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is...

7.5CVSS6.9AI score0.00412EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-14641 SourceCodester Class and Exam Timetabling System edit_course.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /editcourse.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit h...

7.5CVSS6.9AI score0.00416EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-14640 CodeAstro Apartment Visitor Management System Login index.php sql injection

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit ha...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-12740 Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

5.9AI score0.00131EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-12746 Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authenticationurl method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

5.9AI score0.00151EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-14638 itsourcecode Hospital Management System patient.php sql injection

A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14637 kirilkirkov Ecommerce-CodeIgniter-Bootstrap ShoppingCart.php getCartItems deserialization

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shoppingcart leads to...

8.8CVSS6.6AI score0.00598EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-14636 kirilkirkov Ecommerce-CodeIgniter-Bootstrap Vendor Image Manager AddProduct.php do_upload_others_images path traversal

A weakness has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df. Impacted is the function douploadothersimages of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Image Manager. Executing a...

5.5CVSS5.8AI score0.00323EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-14635 kirilkirkov Ecommerce-CodeIgniter-Bootstrap Vendor Multi-Image Endpoint AddProduct.php path traversal

A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Multi-Image Endpoint. Performing ...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14634 kirilkirkov Ecommerce-CodeIgniter-Bootstrap Subscribed Emails Admin MY_Controller.php checkForPostRequests cross site scripting

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MYController.php of the component Subscribed Emails Admin Page. Such manipulation...

5.3CVSS4.1AI score0.00288EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-14632 kirilkirkov Ecommerce-CodeIgniter-Bootstrap Trusted Backend MY_Controller.php setReferrer redirect

A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MYController.php of the component Trusted Backend Interface. The manipulation of the argument hr...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14630 ForceInjection AI-fundermentals Memory Recall smart_customer_service.py get_conversation_history weak hash

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function getconversationhistory of the file 08agenticsystem/memory/langchain/code/smartcustomerservice.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1CVSS4.9AI score0.0016EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14535 Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code()

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

8.8CVSS5.9AI score0.00304EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14534 Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...

8.8CVSS5.8AI score0.00328EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14629 RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS5.5AI score0.00309EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14628 NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extractmedia of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is...

6.9CVSS5.8AI score0.00551EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2025-13475 Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5CVSS5.9AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14627 NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter.isalloweduser of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can b...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-12196 HestiaCP Admin Takeover

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlyi...

8.3CVSS6AI score0.00256EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-12195

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the vftpuser parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVest...

8.5CVSS6.7AI score0.00656EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14625 NousResearch hermes-agent server.py shell.exec protection mechanism

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tuigateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to...

6.5CVSS6.2AI score0.00224EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14624 omec-project amf NGSetupRequest handler.go denial of service

A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is public...

5.3CVSS5.3AI score0.00317EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14623 omec-project amf NGAP Message RRCInactiveTransitionReport denial of service

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...

5.3CVSS5.4AI score0.00522EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14622 jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14621 FederatedAI FATE OSX Broker QueuePushReqStreamObserver.java QueuePushReqStreamObserver.initEggroll wrong session

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS5.1AI score0.00299EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-12194 PHPIPAM Authenticated LFI

PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations...

2.3CVSS6.1AI score0.00378EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-14618 Open5GS AMF nnrf-handler.c amf_nnrf_handle_nf_discover denial of service

A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amfnnrfhandlenfdiscover of the file src/amf/nnrf-handler.c of the component AMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and ma...

5.3CVSS5.5AI score0.00316EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2025-71380 n8n - Arbitrary Command Execution via Execute Command Node

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2025-71373 picklescan - Remote Code Execution via operator.methodcaller Detection Bypass

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...

8.1CVSS6.3AI score0.00444EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2025-71369 picklescan - Unsafe Deserialization via torch.utils.data.datapipes.utils.decoder.basichandlers

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2025-71367 picklescan - Remote Code Execution via _operator.attrgetter Detection Bypass

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2025-71366 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofile

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2025-71362 picklescan - Arbitrary Code Execution via Unsafe Deserialization in numpy.f2py.crackfortran

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2025-71356 picklescan - Arbitrary Code Execution via torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2025-71359 picklescan - Unsafe Deserialization via lib2to3.pgen2.grammar.Grammar.loads

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2025-71353 picklescan - Remote Code Execution via torch._dynamo.guards.GuardBuilder.get

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch.dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago2 views

CVE-2025-71345 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_autograd_prof

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2025-71347 picklescan - Undetected Remote Code Execution via numpy.f2py.crackfortran.param_eval

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago2 views

CVE-2025-71342 picklescan - Undetected Remote Code Execution via idlelib.run.Executive.runcode

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks...

8.1CVSS6.6AI score0.00427EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-12252 Untrusted JAR Code Execution in Multiple Stanford Interface Classes in nltk/nltk

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.0015EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-54424

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance o...

8.4CVSS6AI score0.00245EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 4 days ago4 views

CVE-2026-14617 NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStreamConsumer._filter_and_accumulate case sensitivity

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer.filterandaccumulate of the file gateway/streamconsumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case...

3.1CVSS5AI score0.00237EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 4 days ago4 views

CVE-2026-14611 DeepMyst Mysti Per-Project Auto-Memory MemoryManager.ts initProjectMemory exposure of resource

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References8
Total number of security vulnerabilities160586