Lucene search
K

161488 matches found

RedhatCVE
RedhatCVE
added 2026/05/05 3:21 p.m.10 views

CVE-2026-42041

A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the Object.prototype.validateStatus property. By polluting this property, all HTTP error responses such as 401, 403, or 500 are silently treated as...

8.2CVSS5.8AI score0.00611EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/05 3:0 p.m.11 views

CVE-2026-7844 chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

6.3CVSS6.4AI score0.00322EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:0 p.m.4 views

CVE-2026-7844

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

6.3CVSS6.4AI score0.00322EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/05 3:0 p.m.34 views

CVE-2026-7844 chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

6.3CVSS0.00322EPSS
Exploits0References6
CVE
CVE
added 2026/05/05 3:0 p.m.11 views

CVE-2026-7844

CVE-2026-7844 concerns the chatchat-space Langchain-Chatchat project up to version 0.3.1.3. The vulnerability resides in the Compatible File Service, specifically the function set in libs/chatchat-server/chatchat/server/api_server/openai_routes.py (delete_file, as well as related file endpoints l...

6.3CVSS6.4AI score0.00322EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/05 1:16 p.m.5 views

CVE-2026-6918

In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...

8.7CVSS5.8AI score0.00517EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/05 12:31 p.m.9 views

EUVD-2023-60570

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...

8.7CVSS5.8AI score0.00537EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/05 12:31 p.m.9 views

EUVD-2025-209639

RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x 802.1X, among others. The vulnerability lies in shared certificate validation logic which uses th...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 2026/05/05 12:29 p.m.27 views

CVE-2026-6918

CVE-2026-6918 affects Eclipse OpenJ9/JITServer. Versions 0.21–0.58 are vulnerable to a pre-auth remote crash triggered by a 32-byte crafted TCP message. The description does not provide exploit details or remediation. No further concrete impact or patch information is available in the connected d...

8.7CVSS5.8AI score0.00517EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/05/05 12:29 p.m.52 views

CVE-2026-6918

In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...

8.7CVSS0.00517EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:29 p.m.3 views

CVE-2026-6918

In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...

8.7CVSS5.8AI score0.00517EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/05/05 12:29 p.m.27 views

EUVD-2026-27315

In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...

8.7CVSS5.8AI score0.00517EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/05 12:28 p.m.10 views

CVE-2026-28510 elabftw allows MFA bypass during login

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/05 12:28 p.m.39 views

CVE-2026-28510 elabftw allows MFA bypass during login

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS0.00254EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:28 p.m.6 views

CVE-2026-28510

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 12:16 p.m.10 views

CVE-2026-43569

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...

8.8CVSS0.00381EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 12:0 p.m.3 views

RUSTSEC-2026-0121 Denial of service in Steamworks game clients/servers using P2P authentication

Processing the raw ValidateAuthTicketResponset callback data panics when the meAuthSessionResponse field is kEAuthSessionResponseAuthTicketNetworkIdentityFailure. This can lead to denial of service in game clients and servers using the beginauthenticationsession API to authenticate players if a...

5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/05 11:37 a.m.5 views

CVE-2026-40022

A flaw was found in the Apache Camel embedded HTTP server and embedded management server camel-platform-http-main. When authentication is enabled and a non-root context path is configured, the authentication handler incorrectly matches only the exact configured path, not its subpaths. This allows...

8.2CVSS5.7AI score0.00622EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/05 11:25 a.m.7 views

CVE-2026-43569 OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...

8.8CVSS5.8AI score0.00381EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 11:25 a.m.8 views

EUVD-2026-27289

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...

8.8CVSS5.8AI score0.00381EPSS
Exploits0References3
Rows per page
Query Builder