6.9
CVE-2026-5002 - PromtEngineer localGPT LLM Prompt server.py _route_using_overviews injection
A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function _route_using_overviews of the file backend/server.py of the component LLM Prompt Handler. Such manipulation leads to injection. The attack may be performed fโฆ
6.9
CVE-2026-5001 - PromtEngineer localGPT server.py do_POST unrestricted upload
A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function do_POST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publishedโฆ
6.9
CVE-2026-5000 - PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication
A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpoint. The manipulation of the argument BaseHTTPRequestHandler results in missing authentication. Theโฆ
5.3
CVE-2026-4999 - z-9527 admin isImg Check upload.js uploadFile path traversal
A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the component isImg Check. The manipulation of the argument fileType leads to path traversal. Remote exploitatโฆ
6.9
CVE-2026-4998 - Sinaptik AI PandasAI Chat Message code_executor.py CodeExecutor.execute code injection
A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/code_execution/code_executor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be laโฆ
6.9
CVE-2026-4997 - Sinaptik AI PandasAI sql_sanitizer.py is_sql_query_safe path traversal
A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public โฆ
8.6
CVE-2017-20228 - Flat Assembler 1.71.21 Stack-Based Buffer Overflow ROP
Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute returโฆ
8.6
CVE-2018-25225 - SIPP 3.3 Stack-Based Buffer Overflow via Configuration File
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the reโฆ
8.6
CVE-2018-25224 - PMS 0.42 Stack-Based Buffer Overflow via Configuration File
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shellโฆ
9.3
CVE-2018-25223 - Crashmail 1.6 Stack-based Buffer Overflow Remote Code Execution
Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentiallโฆ