|
4161
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request fo…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6119
|
2026-04-25 02:58 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4162
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler…
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-6125
|
2026-04-25 02:58 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4163
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missin…
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-6126
|
2026-04-25 02:58 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4164
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing aut…
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-6129
|
2026-04-25 02:58 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4165
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-6130
|
2026-04-25 02:58 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4166
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lea…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-6141
|
2026-04-25 02:58 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4167
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roo…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6142
|
2026-04-25 02:58 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4168
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. …
|
CWE-346
CWE-942
Origin Validation Error
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-6143
|
2026-04-25 02:57 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4169
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6148
|
2026-04-25 02:57 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4170
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6149
|
2026-04-25 02:57 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
