Aggregator
CVE-2026-15528 | lamaalrajih kicad-mcp up to 3.3.1 path_validator.py project_path/schematic_path protection mechanism (Issue 57)
4 days 20 hours ago
A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. It has been classified as problematic. This issue affects some unknown processing of the file kicad_mcp/utils/path_validator.py. Performing a manipulation of the argument project_path/schematic_path results in protection mechanism failure.
This vulnerability is known as CVE-2026-15528. Attacking locally is a requirement. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
CVE-2026-15527 | better-auth better-icons up to 1.0.5 scan_project_icons/sync_icon icons_file path traversal (Issue 18)
4 days 20 hours ago
A vulnerability was found in better-auth better-icons up to 1.0.5 and classified as critical. This vulnerability affects unknown code of the component scan_project_icons/sync_icon. Such manipulation of the argument icons_file leads to path traversal.
This vulnerability is traded as CVE-2026-15527. An attack has to be approached locally. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
Submit #854531: lamaalrajih kicad-mcp 3.3.1 Information Disclosure [Accepted]
4 days 20 hours ago
Submit #854531 / VDB-377866
Mcfly_Zhang
Submit #854530: better-auth better-icons 1.0.5 Code Injection [Accepted]
4 days 20 hours ago
Submit #854530 / VDB-377865
Mcfly_Zhang
CVE-2026-56308 | Capgo up to 12.128.1 Account email address improper authentication (EUVD-2026-43230)
4 days 20 hours ago
A vulnerability has been found in Capgo up to 12.128.1 and classified as critical. This affects an unknown part of the component Account. This manipulation of the argument email address causes improper authentication.
This vulnerability appears as CVE-2026-56308. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-56271 | Flowise up to 3.0.x Enterprise Passport Authentication Middleware index.ts JWT_AUTH_TOKEN_SECRET/JWT_REFRESH_TOKEN_SECRET inadequate encryption (EUVD-2026-43228)
4 days 20 hours ago
A vulnerability, which was classified as problematic, was found in Flowise up to 3.0.x. Affected by this issue is some unknown functionality of the file packages/server/src/enterprise/middleware/passport/index.ts of the component Enterprise Passport Authentication Middleware. The manipulation of the argument JWT_AUTH_TOKEN_SECRET/JWT_REFRESH_TOKEN_SECRET results in inadequate encryption strength.
This vulnerability is reported as CVE-2026-56271. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-56260 | Crawl4AI up to 0.8.6 Docker API output_path denial of service (EUVD-2026-43227)
4 days 20 hours ago
A vulnerability, which was classified as critical, has been found in Crawl4AI up to 0.8.6. Affected by this vulnerability is an unknown functionality of the component Docker API. The manipulation of the argument output_path leads to denial of service.
This vulnerability is documented as CVE-2026-56260. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-56259 | Crawl4AI up to 0.8.7 Docker API /llm/job base_url/api_token redirect (EUVD-2026-43226)
4 days 20 hours ago
A vulnerability classified as problematic was found in Crawl4AI up to 0.8.7. Affected is an unknown function of the file /llm/job of the component Docker API. Executing a manipulation of the argument base_url/api_token can lead to open redirect.
This vulnerability is registered as CVE-2026-56259. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-56241 | Capgo up to 12.128.1 Role Binding Deletion org_users.php delete_role_binding user_right information disclosure (EUVD-2026-43224)
4 days 20 hours ago
A vulnerability classified as problematic has been found in Capgo up to 12.128.1. This impacts the function delete_role_binding of the file org_users.php of the component Role Binding Deletion Handler. Performing a manipulation of the argument user_right results in information disclosure.
This vulnerability is cataloged as CVE-2026-56241. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-56313 | Capgo up to 12.128.1 SSO Prelink Endpoint password recovery (EUVD-2026-43231)
4 days 20 hours ago
A vulnerability described as problematic has been identified in Capgo up to 12.128.1. This affects an unknown function of the component SSO Prelink Endpoint. Such manipulation leads to weak password recovery.
This vulnerability is listed as CVE-2026-56313. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2026-56281 | Capgo up to 12.128.1 Analytics Backend /private/admin_stats limit sql injection (EUVD-2026-43229)
4 days 20 hours ago
A vulnerability marked as problematic has been reported in Capgo up to 12.128.1. The impacted element is an unknown function of the file /private/admin_stats of the component Analytics Backend. This manipulation of the argument limit causes sql injection.
This vulnerability is tracked as CVE-2026-56281. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2026-56238 | Capgo up to 12.128.1 Global Stats Endpoint /rest/v1/global_stats apikey information disclosure (EUVD-2026-43223)
4 days 20 hours ago
A vulnerability labeled as problematic has been found in Capgo up to 12.128.1. The affected element is an unknown function of the file /rest/v1/global_stats of the component Global Stats Endpoint. The manipulation of the argument apikey results in information disclosure.
This vulnerability is identified as CVE-2026-56238. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2026-56252 | Capgo up to 12.128.1 Scope Isolation /webhooks/test api_key improper authorization (EUVD-2026-43225)
4 days 20 hours ago
A vulnerability identified as critical has been detected in Capgo up to 12.128.1. Impacted is an unknown function of the file /webhooks/test of the component Scope Isolation. The manipulation of the argument api_key leads to improper authorization.
This vulnerability is referenced as CVE-2026-56252. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2024-35820 | Linux Kernel up to 6.7.11/6.8.2 io_uring __io_queue_proc privilege escalation (51a490a7f63c/0ecb8919469e/1a8ec63b2b6c / WID-SEC-2024-1188)
4 days 20 hours ago
This issue is likely a false positive. Please verify the cited sources and consider not including this entry.
vuldb.com
CVE-2024-35821 | Linux Kernel up to 6.8.2 ubifs_write_end allocation of resources (Nessus ID 239850 / WID-SEC-2024-1188)
4 days 20 hours ago
A vulnerability classified as problematic was found in Linux Kernel up to 6.8.2. The impacted element is the function ubifs_write_end. Executing a manipulation can lead to allocation of resources.
The identification of this vulnerability is CVE-2024-35821. The attack needs to be done within the local network. There is no exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2024-35818 | Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2 LoongArch locking (WID-SEC-2024-1188)
4 days 20 hours ago
A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2. This impacts an unknown function of the component LoongArch. Such manipulation leads to improper locking.
This vulnerability is traded as CVE-2024-35818. Access to the local network is required for this attack to succeed. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2024-35819 | Linux Kernel up to 6.8.2 qbman cgr_lock denial of service (WID-SEC-2024-1188)
4 days 20 hours ago
A vulnerability identified as problematic has been detected in Linux Kernel up to 6.8.2. Affected is the function cgr_lock of the component qbman. Performing a manipulation results in denial of service.
This vulnerability is known as CVE-2024-35819. Access to the local network is required for this attack. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2024-35817 | Linux Kernel up to 6.8.2 amdgpu_ttm_gart_bind memory corruption (Nessus ID 207729 / WID-SEC-2024-1188)
4 days 20 hours ago
A vulnerability described as critical has been identified in Linux Kernel up to 5.15.153/6.1.83/6.6.23/6.7.11/6.8.2. Impacted is the function amdgpu_ttm_gart_bind. Such manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2024-35817. The attack can only be initiated within the local network. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2024-35816 | Linux Kernel up to 6.6.23/6.7.11 firewire free_irq memory leak (43c70cbc2502/318f6d53dd42/575801663c7d / WID-SEC-2024-1188)
4 days 20 hours ago
A vulnerability was found in Linux Kernel up to 6.6.23/6.7.11. It has been declared as critical. The impacted element is the function free_irq of the component firewire. The manipulation results in memory leak.
This vulnerability is reported as CVE-2024-35816. The attacker must have access to the local network to execute the attack. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com