Search

Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-38267 1 Zyxel 82 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 79 more 2026-02-24 4.9 Medium
An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
CVE-2023-40923 1 Myprestamodules 1 Orders \(csv\, Excel\) Export Pro 2026-02-24 8.8 High
MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters.
CVE-2023-37274 1 Agpt 1 Autogpt Classic 2026-02-24 7.6 High
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which should not have access to any files outside of the Auto-GPT workspace directory. Before v0.4.3, the `execute_python_code` command (introduced in v0.4.1) does not sanitize the `basename` arg before writing LLM-supplied code to a file with an LLM-supplied name. This allows for a path traversal attack that can overwrite any .py file outside the workspace directory by specifying a `basename` such as `../../../main.py`. This can further be abused to achieve arbitrary code execution on the host running Auto-GPT by e.g. overwriting autogpt/main.py which will be executed outside of the docker environment meant to sandbox custom python code execution the next time Auto-GPT is started. The issue has been patched in version 0.4.3. As a workaround, the risk introduced by this vulnerability can be remediated by running Auto-GPT in a virtual machine, or another environment in which damage to files or corruption of the program is not a critical problem.
CVE-2023-37275 1 Agpt 1 Autogpt Classic 2026-02-24 3.1 Low
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to review and control which commands should be executed. Before v0.4.3, it was possible for a malicious external resource (such as a website browsed by Auto-GPT) to cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON encoded ANSI escape sequences (`\u001b[`). These escape sequences were JSON decoded and printed to the console as part of the model's "thinking process". The issue has been patched in release version 0.4.3.
CVE-2022-0762 1 Microweber 1 Microweber 2026-02-24 5.5 Medium
Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0611 1 Snipeitapp 1 Snipe-it 2026-02-24 6.3 Medium
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
CVE-2022-0588 1 Librenms 1 Librenms 2026-02-24 7.1 High
Missing Authorization in Packagist librenms/librenms prior to 22.2.0.
CVE-2022-0580 1 Librenms 1 Librenms 2026-02-24 7.1 High
Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.
CVE-2022-0579 1 Snipeitapp 1 Snipe-it 2026-02-24 6.5 Medium
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
CVE-2022-0569 1 Snipeitapp 1 Snipe-it 2026-02-24 5.3 Medium
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
CVE-2022-0565 1 Pimcore 1 Pimcore 2026-02-24 7.6 High
Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.
CVE-2022-0536 2 Follow-redirects Project, Redhat 7 Follow-redirects, Acm, Openshift Data Foundation and 4 more 2026-02-24 2.6 Low
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.
CVE-2022-0528 1 Transloadit 1 Uppy 2026-02-24 6.5 Medium
Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1.
CVE-2022-0355 1 Simple-get Project 1 Simple-get 2026-02-24 8.8 High
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.
CVE-2022-0338 1 Loguru Project 1 Loguru 2026-02-24 4.3 Medium
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3.
CVE-2022-0282 1 Microweber 1 Microweber 2026-02-24 4.3 Medium
Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0178 1 Snipeitapp 1 Snipe-it 2026-02-24 6.3 Medium
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
CVE-2022-0121 1 Hoppscotch 1 Hoppscotch 2026-02-24 8 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch.This issue affects hoppscotch/hoppscotch before 2.1.1.
CVE-2024-38882 1 Horizoncloud 1 Caterease 2026-02-24 9.8 Critical
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command.
CVE-2024-38881 1 Horizoncloud 1 Caterease 2026-02-24 7.5 High
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords.