|
191
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly cont…
|
CWE-94
CWE-1321
Code Injection
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-6621
|
2026-04-20 18:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
192
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of t…
|
CWE-22
Path Traversal
|
CVE-2026-6620
|
2026-04-20 18:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
193
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePrevie…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6619
|
2026-04-20 18:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedTool…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6618
|
2026-04-20 18:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195
|
8.8 |
HIGH
Network
|
-
|
-
|
ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privilege…
|
CWE-78
OS Command
|
CVE-2026-5967
|
2026-04-20 18:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196
|
7.8 |
HIGH
Local
|
-
|
-
|
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or plac…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-39454
|
2026-04-20 18:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6617
|
2026-04-20 17:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4/extract_with_3k/extract_with_lxml of the file superagi/helper/webpag…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6616
|
2026-04-20 17:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Uplo…
|
CWE-22
Path Traversal
|
CVE-2026-6615
|
2026-04-20 17:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200
|
8.1 |
HIGH
Network
|
-
|
-
|
ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on th…
|
CWE-23
Relative Path Traversal
|
CVE-2026-5966
|
2026-04-20 17:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
