Medium
CVSS: 6.9
Published: 2026-04-26 06:16:02
A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the a…
Medium
CVSS: 5.1
Published: 2026-04-26 06:16:00
A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is…
Medium
CVSS: 6.3
Published: 2026-04-26 05:16:02
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path tra…
High
CVSS: 7.4
Published: 2026-04-26 05:16:01
A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be ca…
Medium
CVSS: 6.3
Published: 2026-04-26 04:16:09
A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT T…
Medium
CVSS: 4.8
Published: 2026-04-26 04:16:08
A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site scripting. Remote exploitation of the attack is po…
High
CVSS: 7.2
Published: 2026-04-26 04:16:05
Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.
Medium
CVSS: 4.8
Published: 2026-04-26 03:16:00
A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f_text/f_slug/f_limit/f_email leads to cross site scripting. The attack may be…
Medium
CVSS: 4.8
Published: 2026-04-26 03:16:00
A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component down_count Plugin. This manipulation of the argument f_file/f_prefix causes cross site scripting. The attack may be initiated remotely. The exp…
Medium
CVSS: 4.8
Published: 2026-04-26 03:16:00
A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail_send Plugin. The manipulation of the argument f_subject/f_files/f_from leads to cross site scripting. Th…
Medium
CVSS: 4.0
Published: 2026-04-26 03:15:59
Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response.
Medium
CVSS: 4.8
Published: 2026-04-26 02:16:06
A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument f_all/f_all404 results in cross site scripting. The attack can be launched remotely. The exploit…
Medium
CVSS: 4.8
Published: 2026-04-26 01:15:59
A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/plugin_antispam of the component Antispam Plugin. Executing a manipulation of the argument f_logging_file can lea…
Unknown
CVSS: -
Published: 2026-04-24 23:16:31
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
High
CVSS: 7.8
Published: 2026-04-24 22:16:01
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references)…
Low
CVSS: 3.1
Published: 2026-04-24 21:16:19
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched t…
Medium
CVSS: 6.5
Published: 2026-04-24 21:16:19
LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using validate_safe_url() but then performed the fetch with re…
Critical
CVSS: 9.9
Published: 2026-04-24 21:16:19
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at l…
High
CVSS: 8.8
Published: 2026-04-24 21:16:19
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/s…
Medium
CVSS: 5.3
Published: 2026-04-24 21:16:18
CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows unauthenticated attackers to inject malicious JavaScri…