| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47414 | — | High | 0.38 | — | 0.00 | — | May 29, 2026 | **Type:** Insecure Direct Object Reference. Five label endpoints — `PATCH /workspaces/{workspace_id}/labels/{label_id}`, `DELETE .../labels/{label_id}`, `POST .../issues/{issue_id}/labels/{label_id}`, `DELETE .../issues/{issue_id}/labels/{label_id}`, `GET… |
| CVE-2026-47406 | — | High | 0.38 | — | 0.00 | — | May 29, 2026 | **Type:** Insecure Direct Object Reference. The dependency endpoints (`POST/GET /workspaces/{workspace_id}/issues/{issue_id}/dependencies` and `DELETE .../dependencies/{dep_id}`) gate access on `require_workspace_member(workspace_id)` only, then dispatch to… |
| CVE-2026-47405 | — | High | 0.38 | — | 0.00 | — | May 29, 2026 | PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to `owner`. The issue is caused by privileged workspace-management routes using the shared dependency… |
| CVE-2026-47399 | — | High | 0.38 | — | 0.00 | — | May 29, 2026 | PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace by supplying the victim object's global… |
| CVE-2026-48169 | — | High | 0.38 | — | 0.00 | — | May 29, 2026 | The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and… |
| CVE-2026-47397 | — | High | 0.38 | — | 0.00 | — | May 29, 2026 | Arbitrary file write in the Python API: hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. `write_file` skips path validation when `workspace=None` (always `None` in production). Affected … |
| CVE-2026-47394 | — | High | 0.38 | — | 0.00 | — | May 29, 2026 | The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in `mcp_server/adapters/cli_tools.py`: "registers four file-handling tools by default, `praisonai.rules.create`,… |
| CVE-2026-47398 | — | High | 0.38 | — | 0.00 | — | May 29, 2026 | Arbitrary code execution via ungated `spec.loader.exec_module` in `agents_generator.py` (v4.6.32 chokepoint refactor bypass). The v4.6.32 chokepoint refactor (which patched CVE-2026-44334 /… |
| CVE-2026-47231 | — | High | 0.38 | — | 0.00 | — | May 29, 2026 | `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight()` on the URL parameter `folder_uuid`. The `move_save` handler then operates on a *separate* URL parameter `file_uuid` and calls… |
| CVE-2026-47211 | — | High | 0.39 | — | 0.01 | — | May 29, 2026 | A Remote Code Execution (RCE) vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability (CWE-426:… |
| CVE-2026-47695 | — | High | 0.45 | — | 0.00 | — | May 29, 2026 | CC-Tweaked's HTTP API (`http.request`, `http.websocket`) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (`64:ff9b::/96`). An… |
| CVE-2026-48557 | — | High | 0.50 | 8.8 | 0.00 | — | May 29, 2026 | Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in `FileAdder::defaultSanitizer()`. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as `shell.php.jpg` to bypass the blocklist, with `pathinfo()`… |
| CVE-2026-48555 | — | High | 0.41 | 7.4 | 0.00 | — | May 29, 2026 | Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the `addMediaFromUrl()` method in… |
| CVE-2026-47266 | — | High | 0.50 | — | 0.00 | — | May 29, 2026 | Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to `formie/submissions/save-submission`. This vulnerability is fixed in 2.2.21 and 3.1.26. |
| CVE-2026-47123 | — | High | 0.42 | 7.5 | 0.00 | — | May 29, 2026 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's `FetchEmails` command has two code paths for identifying agent (user) replies based on `In-Reply-To` / `References` headers. The… |
| CVE-2026-46599 | — | High | 0.42 | 7.5 | 0.00 | — | May 29, 2026 | The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data. |
| CVE-2026-46527 | — | High | 0.42 | 7.5 | 0.00 | — | May 29, 2026 | cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called `Server::set_trusted_proxies()` with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an `X-Forwarded-For` header whose… |
| CVE-2026-46385 | — | High | 0.50 | — | 0.00 | — | May 29, 2026 | iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. `Reader.ReadBlockHeader` returns the count as a Go `int`, which… |
| CVE-2026-46384 | — | High | 0.50 | — | 0.00 | — | May 29, 2026 | iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized `int` before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On… |
| CVE-2026-44422 | — | High | 0.42 | 7.5 | 0.00 | — | May 29, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is… |
| CVE-2026-44421 | — | High | 0.50 | 8.8 | 0.00 | — | May 29, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in `gdi_CacheToSurface`: it validates a destination rectangle that is… |
| CVE-2026-44420 | — | High | 0.50 | 8.8 | 0.03 | — | May 29, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a `CB_CLIP_CAPS` PDU with a too-small `capabilitySetLength`. This can… |
| CVE-2026-44285 | — | High | 0.50 | 7.7 | 0.00 | — | May 29, 2026 | FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global `isInternalAddress` network protection and make arbitrary HTTP GET requests to internal network services. This… |
| CVE-2026-47255 | — | High | 0.39 | — | 0.00 | — | May 29, 2026 | The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL;… |
| CVE-2026-49374 | — | High | 0.49 | 7.6 | 0.00 | — | May 29, 2026 | In JetBrains TeamCity before 2026.1, improper permission checks exposed build configuration parameters. |
| CVE-2026-49373 | — | High | 0.46 | 7.1 | 0.00 | — | May 29, 2026 | In JetBrains TeamCity before 2026.1, remote code execution was possible via Perforce connection settings. |
| CVE-2026-49372 | — | High | 0.49 | 7.5 | 0.00 | — | May 29, 2026 | In JetBrains TeamCity before 2026.1 and 2025.11.5, unauthenticated SSRF via build status was possible. |
| CVE-2026-49371 | — | High | 0.46 | 7.1 | 0.00 | — | May 29, 2026 | In JetBrains TeamCity before 2026.1.1, reflected XSS in the keyword filter was possible. |
| CVE-2026-49368 | — | High | 0.57 | 8.7 | 0.00 | — | May 29, 2026 | In JetBrains YouTrack before 2026.1.13162, stored XSS in project notification templates was possible. |
| CVE-2026-49367 | — | High | 0.52 | 8.0 | 0.00 | — | May 29, 2026 | In JetBrains IntelliJ IDEA before 2026.1.1, command execution was possible via the guest user account. |
| CVE-2026-49366 | — | High | 0.51 | 7.8 | 0.00 | — | May 29, 2026 | In JetBrains IntelliJ IDEA before 2026.1.1, command injection was possible via filename completion. |
| CVE-2026-47740 | — | High | 0.46 | 8.1 | 0.00 | — | May 29, 2026 | Shopper is a headless e-commerce admin panel. Prior to 2.8.0, multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel,… |
| CVE-2026-46372 | — | High | 0.48 | 8.5 | 0.01 | — | May 29, 2026 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes `/api/search/searxng`, which accepts attacker-controlled… |
| CVE-2026-44648 | — | High | 0.42 | 7.5 | 0.00 | — | May 29, 2026 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on `cookie-session` for authentication, storing all session… |
| CVE-2026-42941 | — | High | 0.54 | 8.3 | 0.00 | — | May 29, 2026 | The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change. |
| CVE-2026-42929 | — | High | 0.54 | 8.3 | 0.00 | — | May 29, 2026 | Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials. |
| CVE-2026-38739 | — | High | 0.45 | — | 0.00 | — | May 29, 2026 | NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact: There is a security… |
| CVE-2026-6824 | — | High | 0.55 | 8.4 | 0.00 | — | May 29, 2026 | A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend.… |
| CVE-2026-5768 | — | High | 0.57 | 8.8 | 0.00 | — | May 29, 2026 | The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping… |
| CVE-2026-47179 | — | High | 0.43 | 7.7 | 0.00 | — | May 29, 2026 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, `ProjectService.GetProjectFileContent` returns the contents of any Docker Compose `include` directive declared in a project's compose file before any path-traversal validation… |
| CVE-2026-47125 | — | High | 0.50 | 8.8 | 0.00 | — | May 29, 2026 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the `PUT /api/environments/{id}/templates/variables` endpoint, which writes the system-wide `.env.global` file used for variable substitution in every project's compose file, is… |
| CVE-2026-45627 | — | High | 0.46 | 8.2 | 0.00 | — | May 29, 2026 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated `GET /api/app-images/logo` endpoint reflects a user-supplied `color` query parameter into the body of an SVG document via `strings.ReplaceAll` with no escaping.… |
| CVE-2026-44697 | — | High | 0.49 | 8.6 | 0.00 | — | May 29, 2026 | Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in `Batch.Decompress` (`data/batch/batch.go`) allows any peer that participates in a topic served by `MultiDataInterceptor` to allocate… |
| CVE-2026-10108 | — | High | 0.42 | 7.5 | 0.01 | — | May 29, 2026 | xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the `GET /music/{file_path:path}` endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can… |
| CVE-2026-10107 | — | High | 0.43 | 7.7 | 0.00 | — | May 29, 2026 | MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a `resource_token` cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal… |
| CVE-2026-10105 | — | High | 0.47 | 8.3 | 0.00 | — | May 29, 2026 | agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the `delete_by_metadata()` method. Attackers can exploit the unsafe f-string… |
| CVE-2026-45742 | — | High | 0.38 | — | 0.00 | — | May 29, 2026 | Gotenberg is vulnerable to a remote denial of service in multipart `downloadFrom` handling. A multipart request containing multiple `downloadFrom` entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process… |
| CVE-2026-45741 | — | High | 0.45 | — | 0.00 | — | May 29, 2026 | `IsPublicIP` in `pkg/gotenberg/outbound.go` incorrectly classifies IPv6 6to4 / NAT64 / deprecated site-local addresses as public IPs, allowing an unauthenticated attacker to reach internal destinations (e.g., cloud metadata services at `169.254.169.254`) via a… |
| CVE-2026-44829 | — | High | 0.38 | — | 0.00 | — | May 29, 2026 | `filepath.Base` on the Linux container does not strip backslashes (`\`), because `\` is only a path separator on Windows. A multipart filename like `..\..\..\..\Windows\System32\evil.pdf` survives Gotenberg's input sanitisation and lands verbatim as the zip entry… |
| CVE-2026-48501 | — | High | 0.41 | 7.4 | 0.00 | — | May 29, 2026 | GitHub CLI (gh) is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes the Authorization header in API requests to TUF repository mirrors via the `gh attestation`, `gh release verify`, and `gh release verify-asset` commands. The CLI uses a shared HTTP… |
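
The NAT64 bypass in CVE-2026-47695 and the 6to4 / NAT64 / site-local misclassification in CVE-2026-45741 share one root cause: an `IsPublicIP`-style guard that classifies the literal IPv6 address rather than the IPv4 target the packet will actually be delivered to. The Go program below is an added example written for this page, not Gotenberg's or CC-Tweaked's code. The function names `naiveIsPublic`, `embeddedIPv4` and `IsPublicIP` are invented for the illustration, and the sample addresses are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Transition prefixes that carry an embedded IPv4 destination, plus the
// deprecated site-local range, which netip's IsPrivate does not cover.
var (
	nat64Prefix = netip.MustParsePrefix("64:ff9b::/96") // RFC 6052 well-known NAT64 prefix
	sixToFour   = netip.MustParsePrefix("2002::/16")    // RFC 3056 6to4
	siteLocal   = netip.MustParsePrefix("fec0::/10")    // RFC 3879 (deprecated) site-local
)

// naiveIsPublic is the classifier shape the two advisories describe: it asks
// the standard library about the literal address only, so a NAT64 or 6to4
// address that routes to 169.254.169.254 counts as global unicast.
func naiveIsPublic(a netip.Addr) bool {
	return !(a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsMulticast() || a.IsUnspecified())
}

// embeddedIPv4 returns the IPv4 address an IPv6 transition address will be
// delivered to, and whether one was present.
func embeddedIPv4(a netip.Addr) (netip.Addr, bool) {
	if !a.Is6() {
		return netip.Addr{}, false
	}
	b := a.As16()
	switch {
	case a.Is4In6(): // ::ffff:a.b.c.d
		return a.Unmap(), true
	case nat64Prefix.Contains(a): // low 32 bits hold the IPv4 address
		return netip.AddrFrom4([4]byte{b[12], b[13], b[14], b[15]}), true
	case sixToFour.Contains(a): // bits 16..47 hold the IPv4 address
		return netip.AddrFrom4([4]byte{b[2], b[3], b[4], b[5]}), true
	}
	return netip.Addr{}, false
}

// IsPublicIP unwraps transition addresses and classifies the IPv4 target they
// map to, then applies the plain checks plus the site-local range.
func IsPublicIP(a netip.Addr) bool {
	if v4, ok := embeddedIPv4(a); ok {
		return IsPublicIP(v4)
	}
	if a.Is6() && siteLocal.Contains(a) {
		return false
	}
	return naiveIsPublic(a)
}

func main() {
	for _, s := range []string{
		"64:ff9b::169.254.169.254", // NAT64 to the cloud metadata address
		"2002:0a00:0001::",         // 6to4 to 10.0.0.1
		"::ffff:127.0.0.1",         // IPv4-mapped loopback
		"fec0::1",                  // site-local
		"2001:db8::1",              // no embedded target, stays public
	} {
		a := netip.MustParseAddr(s)
		fmt.Printf("%-26s naive=%-5v hardened=%v\n", s, naiveIsPublic(a), IsPublicIP(a))
	}
}
```

The hardened check unwraps before classifying, so `64:ff9b::169.254.169.254` is judged as `169.254.169.254` and refused. The same unwrapping has to run on every address the resolver returns and on the address actually dialled after each redirect; a classifier that only sees the URL's hostname can still be steered to a private target by DNS or a 302.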
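
Three of the file-handling entries are the same mistake in three places: CVE-2026-44829 (a backslash-separated name survives `filepath.Base` on Linux), CVE-2026-48557 (only the final suffix of `shell.php.jpg` is checked) and CVE-2026-10108 (a string-prefix test cannot tell `/srv/music` from `/srv/music_private`). The Go program below is an added example, not code from Gotenberg, Spatie or xiaomusic. The `naive*` functions reproduce each flawed shape next to a hardened counterpart; the function names, the blocked-extension list and the sample paths are constructed, and the path checks assume a Linux host where `filepath` uses `/`.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"path/filepath"
	"strings"
)

var ErrUnsafePath = errors.New("unsafe file name or path")

// Extensions that must never land under a web-served directory (constructed list).
var blockedExt = map[string]bool{"php": true, "phtml": true, "phar": true, "cgi": true}

// naiveBase is the zip-entry bug: on Linux filepath.Base only knows '/' as a
// separator, so a backslash-separated Windows path comes back whole.
func naiveBase(name string) string { return filepath.Base(name) }

// SafeBaseName normalises both separator styles before taking the last
// element, then refuses results that are not a plain file name.
func SafeBaseName(name string) (string, error) {
	base := path.Base(strings.ReplaceAll(name, `\`, "/"))
	if base == "." || base == ".." || base == "/" || base == "" {
		return "", ErrUnsafePath
	}
	for _, r := range base {
		if r < 0x20 || r == 0x7f { // control characters, including NUL
			return "", ErrUnsafePath
		}
	}
	return base, nil
}

// naiveExtOK is the single-suffix blocklist: shell.php.jpg ends in .jpg and passes.
func naiveExtOK(name string) bool {
	return !blockedExt[strings.TrimPrefix(strings.ToLower(filepath.Ext(name)), ".")]
}

// SafeExtOK checks every dot-separated segment after the first, because a
// server that honours an inner .php segment will execute the file anyway.
func SafeExtOK(name string) bool {
	for _, p := range strings.Split(strings.ToLower(name), ".")[1:] {
		if blockedExt[p] {
			return false
		}
	}
	return true
}

// naiveInside is the incomplete prefix check: "/srv/music_private/x" has
// "/srv/music" as a string prefix and is accepted.
func naiveInside(root, rel string) bool {
	return strings.HasPrefix(filepath.Join(root, rel), root)
}

// SafeJoin resolves rel under root and accepts it only if the cleaned result
// is still inside root, decided by filepath.Rel rather than a string prefix.
func SafeJoin(root, rel string) (string, error) {
	rel = strings.ReplaceAll(rel, `\`, "/")
	full := filepath.Join(root, filepath.FromSlash(rel)) // Join cleans "." and ".."
	r, err := filepath.Rel(root, full)
	if err != nil || r == ".." || strings.HasPrefix(r, ".."+string(filepath.Separator)) {
		return "", ErrUnsafePath
	}
	return full, nil
}

func main() {
	win := `..\..\..\..\Windows\System32\evil.pdf`
	fmt.Println(naiveBase(win))
	fmt.Println(SafeBaseName(win))
	fmt.Println(naiveExtOK("shell.php.jpg"), SafeExtOK("shell.php.jpg"))
	fmt.Println(naiveInside("/srv/music", "../music_private/x"))
	fmt.Println(SafeJoin("/srv/music", "../music_private/x"))
}
```

`SafeJoin` only reasons about the lexical path; if the served tree may contain symlinks, resolve `root` and the result with `filepath.EvalSymlinks` and repeat the `Rel` check on the resolved paths, otherwise a link inside the tree still escapes it.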
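
The two iskorotkov/avro entries, CVE-2026-46385 (looping over a block count without consulting the reader's error state) and CVE-2026-46384 (narrowing 64-bit wire values to `int` before bounds-checking, and overflow-prone sums), are easiest to see with a small sticky-error reader. The Go program below is an added example, not the codec's code; `Reader`, `ReadLong`, `ReadBytes`, `decodeBytesArrayNaive`, `decodeBytesArray`, `fitsNaive` and `fitsSafe` are invented names. It decodes only the first block of an Avro array and ignores the terminating zero-count block, which is enough to show the two checks. The `int(r.ReadLong())` in the naive decoder is the narrowing the second advisory describes; on a 64-bit build it is harmless, which is why the example also carries an explicit `int32` variant.

```go
package main

import "errors"

var (
	ErrShortBuffer = errors.New("avro: unexpected end of data")
	ErrBadLength   = errors.New("avro: count or length out of range")
)

// Reader is a minimal sticky-error byte reader, as codec readers usually are:
// after the first failure every call returns a zero value and err stays set.
type Reader struct {
	buf []byte
	pos int
	err error
}

func (r *Reader) readByte() byte {
	if r.err == nil && r.pos >= len(r.buf) {
		r.err = ErrShortBuffer
	}
	if r.err != nil {
		return 0
	}
	r.pos++
	return r.buf[r.pos-1]
}

// ReadLong decodes an Avro zig-zag varint; callers must check r.err afterwards.
func (r *Reader) ReadLong() int64 {
	var u uint64
	for shift := uint(0); shift < 64; shift += 7 {
		b := r.readByte()
		u |= uint64(b&0x7f) << shift
		if r.err != nil || b&0x80 == 0 {
			break
		}
	}
	return int64(u>>1) ^ -int64(u&1)
}

// ReadBytes reads a length-prefixed byte string, refusing a length that does
// not fit in the bytes that are left.
func (r *Reader) ReadBytes() []byte {
	n := r.ReadLong()
	if r.err != nil {
		return nil
	}
	if n < 0 || n > int64(len(r.buf)-r.pos) {
		r.err = ErrBadLength
		return nil
	}
	r.pos += int(n)
	return r.buf[r.pos-int(n) : r.pos]
}

// decodeBytesArrayNaive is the loop shape the advisory describes: it trusts
// the block count and never consults r.err, so a truncated stream yields
// count empty items and an attacker-chosen count drives CPU and allocation.
func decodeBytesArrayNaive(r *Reader) [][]byte {
	count := int(r.ReadLong()) // narrowing: on a 32-bit build this truncates
	var out [][]byte
	for i := 0; i < count; i++ {
		out = append(out, r.ReadBytes())
	}
	return out
}

// decodeBytesArray bounds the count before allocating (every item costs at
// least one byte, so count can never exceed the bytes left) and stops at the
// first reader error instead of spinning on zero values.
func decodeBytesArray(r *Reader, maxItems int) ([][]byte, error) {
	count := r.ReadLong()
	if r.err != nil {
		return nil, r.err
	}
	if count < 0 || count > int64(len(r.buf)-r.pos) || count > int64(maxItems) {
		return nil, ErrBadLength
	}
	out := make([][]byte, 0, count)
	for i := int64(0); i < count; i++ {
		item := r.ReadBytes()
		if r.err != nil {
			return nil, r.err
		}
		out = append(out, item)
	}
	return out, nil
}

// fitsNaive: the 64-bit wire value is cut to int32 (what int is on a 32-bit
// build) and multiplied before the comparison, so huge and wrapped values pass.
func fitsNaive(count, itemSize int64, remaining int32) bool {
	c := int32(count)
	return c*int32(itemSize) <= remaining
}

// fitsSafe keeps the wire width, rejects negatives and divides rather than
// multiplies, so there is nothing to overflow.
func fitsSafe(count, itemSize int64, remaining int) bool {
	if count < 0 || itemSize <= 0 {
		return false
	}
	return count <= int64(remaining)/itemSize
}
```

Feed `decodeBytesArrayNaive` a block count of 1000 followed by no data (zig-zag bytes `d0 0f`) and it returns 1000 empty items without ever noticing the reader failed; `decodeBytesArray` rejects the same input up front because 1000 items cannot fit in zero remaining bytes. The `maxItems` cap is the separate, application-level limit a real decoder still needs, since a peer can legitimately send a large but well-formed block.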
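
Six entries on this page are object-level authorization failures of the same shape: CVE-2026-47414, CVE-2026-47406, CVE-2026-47399 and CVE-2026-48169 (PraisonAI routes that check membership in a workspace and then load the object by its global primary key), CVE-2026-47405 (a privileged role change gated on plain membership) and CVE-2026-47231 (the right is checked on `folder_uuid`, the operation runs on `file_uuid`). The Go program below is an added example of the service-layer fix, not PraisonAI's code. `Store`, `GetIssue`, `SetRole` and their `naive` twins are invented names over an in-memory map; the users and issues in the test are constructed.

```go
package main

import "errors"

var (
	ErrNotFound  = errors.New("not found")
	ErrForbidden = errors.New("forbidden")
)

type Role int

const (
	Member Role = iota
	Admin
	Owner
)

type Issue struct {
	ID, WorkspaceID int
	Title           string
}

// Store stands in for the service layer: issues keyed by a global primary
// key, memberships keyed by (workspace, user).
type Store struct {
	issues  map[int]Issue
	members map[int]map[string]Role // workspaceID -> userID -> role
}

func NewStore() *Store {
	return &Store{issues: map[int]Issue{}, members: map[int]map[string]Role{}}
}

func (s *Store) AddMember(ws int, user string, role Role) {
	if s.members[ws] == nil {
		s.members[ws] = map[string]Role{}
	}
	s.members[ws][user] = role
}

func (s *Store) RoleOf(ws int, user string) (Role, bool) {
	role, ok := s.members[ws][user]
	return role, ok
}

// getIssueNaive is the flawed call: a global primary-key lookup. The route
// already checked that the caller belongs to some workspace, but nothing ties
// this object to that workspace, so any member of any workspace can read it.
func (s *Store) getIssueNaive(id int) (Issue, error) {
	iss, ok := s.issues[id]
	if !ok {
		return Issue{}, ErrNotFound
	}
	return iss, nil
}

// GetIssue authorises the caller for ws, then requires the object to belong
// to that same ws. A mismatch is reported as ErrNotFound rather than
// ErrForbidden so the endpoint does not double as an existence oracle.
func (s *Store) GetIssue(user string, ws, id int) (Issue, error) {
	if _, ok := s.RoleOf(ws, user); !ok {
		return Issue{}, ErrForbidden
	}
	iss, ok := s.issues[id]
	if !ok || iss.WorkspaceID != ws {
		return Issue{}, ErrNotFound
	}
	return iss, nil
}

// setRoleNaive is the escalation bug: the role-management route reuses the
// membership check, so a plain member can grant themselves Owner.
func (s *Store) setRoleNaive(actor string, ws int, target string, role Role) error {
	if _, ok := s.RoleOf(ws, actor); !ok {
		return ErrForbidden
	}
	s.members[ws][target] = role
	return nil
}

// SetRole requires the actor to hold Owner in the same workspace, and the
// target to already be a member of it.
func (s *Store) SetRole(actor string, ws int, target string, role Role) error {
	if r, ok := s.RoleOf(ws, actor); !ok || r != Owner {
		return ErrForbidden
	}
	if _, ok := s.RoleOf(ws, target); !ok {
		return ErrNotFound
	}
	s.members[ws][target] = role
	return nil
}
```

The pattern that generalises is that every lookup takes the workspace the caller was authorised for as a parameter and filters on it (in SQL, `WHERE id = ? AND workspace_id = ?`), and that the scope checked is the scope of the object being mutated, not a neighbouring parameter. Privileged operations get their own dependency (`require_workspace_owner`, or equivalent) rather than the generic membership one.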
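
CVE-2026-48501 is a credential-scoping bug rather than a parsing one: one shared HTTP client carries the GitHub token, and the TUF mirror fetches made by `gh attestation` and `gh release verify` go through that same client. The Go program below is an added example, not gh's code. It contrasts a transport that stamps the token on every request with one that attaches it only to the configured API host, and runs both against an offline stand-in for the network. `scopedAuth`, `sharedAuth`, `capture` and `HeadersSent` are invented names, the two URLs are constructed, and the exact host comparison is a simplification (a real client also has to handle enterprise hosts and scheme).

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// scopedAuth attaches the bearer token only to requests whose host is the
// configured API origin; anything else (a TUF mirror, a download CDN, a
// redirect target) is sent without credentials.
type scopedAuth struct {
	base    http.RoundTripper
	apiHost string // exact host[:port] allowed to receive the token
	token   string
}

func (s *scopedAuth) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context())
	if strings.EqualFold(r.URL.Host, s.apiHost) {
		r.Header.Set("Authorization", "Bearer "+s.token)
	} else {
		r.Header.Del("Authorization") // also strips one a caller set by hand
	}
	return s.base.RoundTrip(r)
}

// sharedAuth is the flawed shape: one client, the token on every request it sends.
type sharedAuth struct {
	base  http.RoundTripper
	token string
}

func (s *sharedAuth) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context())
	r.Header.Set("Authorization", "Bearer "+s.token)
	return s.base.RoundTrip(r)
}

// capture is an offline stand-in for the network: it records the
// Authorization header each host received and answers 200 with an empty body.
type capture struct{ seen map[string]string }

func (c *capture) RoundTrip(r *http.Request) (*http.Response, error) {
	c.seen[r.URL.Host] = r.Header.Get("Authorization")
	return &http.Response{
		StatusCode: http.StatusOK, Status: "200 OK",
		Proto: "HTTP/1.1", ProtoMajor: 1, ProtoMinor: 1,
		Header: http.Header{}, Body: io.NopCloser(strings.NewReader("")), Request: r,
	}, nil
}

// Constructed endpoints: the API the token is meant for, and a third-party
// metadata mirror that must never see it.
const (
	apiURL    = "https://api.github.com/repos/example/project"
	mirrorURL = "https://tuf-mirror.example.net/metadata/1.root.json"
)

// HeadersSent drives one API call and one mirror fetch through the transport
// that build wraps around the fake network, and returns what each host saw.
func HeadersSent(build func(base http.RoundTripper) http.RoundTripper) (map[string]string, error) {
	wire := &capture{seen: map[string]string{}}
	client := &http.Client{Transport: build(wire)}
	for _, u := range []string{apiURL, mirrorURL} {
		resp, err := client.Get(u)
		if err != nil {
			return nil, err
		}
		resp.Body.Close()
	}
	return wire.seen, nil
}

func main() {
	shared, _ := HeadersSent(func(b http.RoundTripper) http.RoundTripper {
		return &sharedAuth{base: b, token: "ghp_example"}
	})
	scoped, _ := HeadersSent(func(b http.RoundTripper) http.RoundTripper {
		return &scopedAuth{base: b, apiHost: "api.github.com", token: "ghp_example"}
	})
	fmt.Println("shared client:", shared)
	fmt.Println("scoped client:", scoped)
}
```

Because the decision is made inside `RoundTrip`, it also covers redirects: `http.Client` re-enters the transport with the new URL, so a 302 from the API to a mirror host loses the header instead of forwarding it. Using two clients (authenticated and anonymous) at the call site gets the same result but depends on every caller choosing correctly, which is how the shared-client bug arises in the first place.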