Lucene search
K

4921302 matches found

CVE
CVE
added 22 minutes ago2 views

CVE-2026-62361 listmonk: SQL Injection in `/api/subscribers/export` bypasses table access control, leaking admin password hashes and SMTP credentials

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscribersForExport in internal/core/subscribers.go without calling validateQueryTables, unlike GET...

5.5CVSS
Exploits0References3
Cvelist
Cvelist
added 22 minutes ago2 views

CVE-2026-62361 listmonk: SQL Injection in `/api/subscribers/export` bypasses table access control, leaking admin password hashes and SMTP credentials

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscribersForExport in internal/core/subscribers.go without calling validateQueryTables, unlike GET...

5.5CVSS
Exploits0References3
CVE
CVE
added 25 minutes ago2 views

CVE-2026-62312 9Router: Authenticated RCE via Unvalidated MCP Plugin Arguments

9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to childprocess.spawn, allowing...

8.8CVSS
Exploits0References3
Cvelist
Cvelist
added 25 minutes ago2 views

CVE-2026-62312 9Router: Authenticated RCE via Unvalidated MCP Plugin Arguments

9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to childprocess.spawn, allowing...

8.8CVSS
Exploits0References3
CVE
CVE
added 27 minutes ago2 views

CVE-2026-56678 9Router: Kiro region injection allows authenticated SSRF with Authorization header forwarding

9Router is an AI router & token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authenticated attacker to supply a crafted region such as kiro-canary.local:8443 and cause 9Router to...

6.4CVSS
Exploits0References3
Cvelist
Cvelist
added 27 minutes ago1 views

CVE-2026-56678 9Router: Kiro region injection allows authenticated SSRF with Authorization header forwarding

9Router is an AI router & token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authenticated attacker to supply a crafted region such as kiro-canary.local:8443 and cause 9Router to...

6.4CVSS
Exploits0References3
CVE
CVE
added 28 minutes ago2 views

CVE-2026-56679 9Router: Mass assignment in PATCH /api/settings allows authenticated authorization downgrade

9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user to set security-critical fields such as requireLogin and disable authentication for the whole...

8.7CVSS
Exploits0References1
Cvelist
Cvelist
added 28 minutes ago2 views

CVE-2026-56679 9Router: Mass assignment in PATCH /api/settings allows authenticated authorization downgrade

9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user to set security-critical fields such as requireLogin and disable authentication for the whole...

8.7CVSS
Exploits0References1
CVE
CVE
added 29 minutes ago27 views

CVE-2026-49353 9Router: Local-Only Access Gate Bypass in 9router via Host Header SpoofING

9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest to protect /api/mcp/, /api/tunnel/, and /api/cli-tools/, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP...

7.5CVSS0.00058EPSS
Exploits0References4
Cvelist
Cvelist
added 29 minutes ago1 views

CVE-2026-49353 9Router: Local-Only Access Gate Bypass in 9router via Host Header SpoofING

9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest to protect /api/mcp/, /api/tunnel/, and /api/cli-tools/, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP...

7.5CVSS0.00058EPSS
Exploits0References4
Cvelist
Cvelist
added 31 minutes ago2 views

CVE-2026-33684 AVideo's Privilege AVideo: Escalation via Unguarded Permission Parameters in signUp API Allows Self-Granting Upload/Stream/Meet Permissions

WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The setapisignUp method in the...

5.3CVSS
Exploits0References1
CVE
CVE
added 31 minutes ago11 views

CVE-2026-33684 AVideo's Privilege AVideo: Escalation via Unguarded Permission Parameters in signUp API Allows Self-Granting Upload/Stream/Meet Permissions

WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The setapisignUp method in the...

5.3CVSS
Exploits0References1
CVE
CVE
added 35 minutes ago40 views

CVE-2026-49352 9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass

9Router is an AI router & token saver. From 0.2.21 until 0.4.44, 9Router used the hardcoded fallback JWT secret 9router-default-secret-change-me in src/app/api/auth/login/route.js, src/middleware.js, and later src/lib/auth/dashboardSession.js, allowing attackers to forge an authtoken cookie when...

9.8CVSS0.0019EPSS
Exploits1References3
Cvelist
Cvelist
added 35 minutes ago2 views

CVE-2026-49352 9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass

9Router is an AI router & token saver. From 0.2.21 until 0.4.44, 9Router used the hardcoded fallback JWT secret 9router-default-secret-change-me in src/app/api/auth/login/route.js, src/middleware.js, and later src/lib/auth/dashboardSession.js, allowing attackers to forge an authtoken cookie when...

9.8CVSS0.0019EPSS
Exploits1References3
CVE
CVE
added 37 minutes ago33 views

CVE-2026-46339 9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

9Router is an AI router & token saver. From 0.4.30 until 0.4.37, 9Router's src/proxy.js middleware did not protect /api/cli-tools/ and /api/mcp/, allowing unauthenticated registration of customPlugins through src/app/api/cli-tools/cowork-settings/route.js and command execution through the MCP...

10CVSS0.00147EPSS
Exploits0References2
Cvelist
Cvelist
added 37 minutes ago2 views

CVE-2026-46339 9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

9Router is an AI router & token saver. From 0.4.30 until 0.4.37, 9Router's src/proxy.js middleware did not protect /api/cli-tools/ and /api/mcp/, allowing unauthenticated registration of customPlugins through src/app/api/cli-tools/cowork-settings/route.js and command execution through the MCP...

10CVSS0.00147EPSS
Exploits0References2
CVE
CVE
added 43 minutes ago10 views

CVE-2026-55608 n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLEMULTITENANT=true could allow an authenticated tenant to access default-scope workflowversions backups instead of being confined to...

4.2CVSS
Exploits0References3
Cvelist
Cvelist
added 43 minutes ago3 views

CVE-2026-55608 n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLEMULTITENANT=true could allow an authenticated tenant to access default-scope workflowversions backups instead of being confined to...

4.2CVSS
Exploits0References3
CVE
CVE
added 44 minutes ago15 views

CVE-2026-54052 n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.56.1, in HTTP mode with multi-tenancy enabled through ENABLEMULTITENANT=true, n8n-mcp's local workflow version history backups were not isolated per tenant, allowing an...

9.9CVSS0.00043EPSS
Exploits0References2
Cvelist
Cvelist
added 44 minutes ago4 views

CVE-2026-54052 n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.56.1, in HTTP mode with multi-tenancy enabled through ENABLEMULTITENANT=true, n8n-mcp's local workflow version history backups were not isolated per tenant, allowing an...

9.9CVSS0.00043EPSS
Exploits0References2
Rows per page
Query Builder