Lucene search
K

161484 matches found

Snyk
Snyk
added 2026/05/05 6:10 p.m.15 views

Cross-site Request Forgery (CSRF)

Overview jupyterhub is a JupyterHub: A multi-user server for Jupyter notebooks Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of HTTP form endpoints when requests with the Sec-Fetch-Mode: no-cors header are incorrectly treated as same-origin,...

9.6CVSS5.7AI score0.00159EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/05 5:58 p.m.10 views

Codechecker has an authentication bypass for certain API calls

Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6AI score0.00447EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/05 5:58 p.m.17 views

Incorrect Authorization

Overview codechecker is an analyzer tooling, defect database and viewer extension Affected versions of this package are vulnerable to Incorrect Authorization via the Authentication endpoint functions, including getAuthorisedNames, getPermissionsForUser, hasPermission, addPermission, and...

10CVSS5.8AI score0.00447EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 5:58 p.m.5 views

EUVD-2026-25417

Codechecker has an authentication bypass for certain API calls...

10CVSS5.8AI score0.00447EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 5:58 p.m.5 views

GHSA-4V9X-CQC5-J645 Codechecker has an authentication bypass for certain API calls

Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6AI score0.00447EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 5:46 p.m.8 views

CLSA-2026-1778003186 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

8.2CVSS6.7AI score0.00582EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/05 5:25 p.m.14 views

Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls

Security Advisory: Missing Authentication for Critical Function in Jovancoding/Network-AI | Field | Value | |---|---| | Project | Jovancoding/Network-AI | | Repository | https://github.com/Jovancoding/Network-AI | | Affected commit | c344f2053eb0d49395988f803bf92f2a86b2a0d0 | | Affected tested...

8.7CVSS6AI score0.00471EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/05 5:25 p.m.8 views

Missing Authentication for Critical Function

Overview network-ai is an AI agent orchestration framework for TypeScript/Node.js - 29 adapters LangChain, AutoGen, CrewAI, OpenAI Assistants, LlamaIndex, Semantic Kernel, Haystack, DSPy, Agno, MCP, OpenClaw, A2A, Codex, MiniMax, NemoClaw, APS, Copilot, LangGraph, Anthropic Compu Affected version...

8.7CVSS5.8AI score0.00471EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 5:25 p.m.4 views

GHSA-FJ4G-2P96-Q6M3 Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls

Security Advisory: Missing Authentication for Critical Function in Jovancoding/Network-AI | Field | Value | |---|---| | Project | Jovancoding/Network-AI | | Repository | https://github.com/Jovancoding/Network-AI | | Affected commit | c344f2053eb0d49395988f803bf92f2a86b2a0d0 | | Affected tested...

8.7CVSS6AI score0.00471EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/05 5:23 p.m.12 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00703EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/05 5:23 p.m.13 views

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2026/05/05 5:23 p.m.8 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References5
NVD
NVD
added 2026/05/05 5:17 p.m.8 views

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

5.3CVSS0.00365EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 5:3 p.m.7 views

EUVD-2026-27513

Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server Restart...

7.6CVSS5.8AI score0.00308EPSS
Exploits1References1
OSV
OSV
added 2026/05/05 5:3 p.m.2 views

GHSA-5MRQ-X3X5-8V8F Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server Restart

Summary A persistent cookie secret vulnerability allows authenticated users to maintain indefinite access even after password changes. The cookie secret used to sign authentication cookies is stored in a permanent file /.local/share/jupyter/runtime/jupytercookiesecret that is never automatically...

7.6CVSS5.8AI score0.00308EPSS
Exploits1References4
NVD
NVD
added 2026/05/05 4:16 p.m.13 views

CVE-2026-7844

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

6.3CVSS0.00322EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/05 3:21 p.m.10 views

CVE-2026-42041

A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the Object.prototype.validateStatus property. By polluting this property, all HTTP error responses such as 401, 403, or 500 are silently treated as...

8.2CVSS5.8AI score0.00611EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/05 3:0 p.m.11 views

CVE-2026-7844 chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

6.3CVSS6.4AI score0.00322EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:0 p.m.4 views

CVE-2026-7844

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

6.3CVSS6.4AI score0.00322EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/05 3:0 p.m.34 views

CVE-2026-7844 chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

6.3CVSS0.00322EPSS
Exploits0References6
Rows per page
Query Builder