Lucene search
+L

327 matches found

Nuclei
Nuclei
added 11 hours ago12 views

SiYuan <= 3.6.5 - Unauthenticated Path Traversal

SiYuan = 3.6.5 contains a path traversal via double URL-encoding in the /assets/ route publish mode port 6808, allowing unauthenticated attackers to read arbitrary files inside WorkspaceDir including conf/conf.json which exposes the API token and access auth code. id: CVE-2026-54066 info: name:...

7.5CVSS5.4AI score0.01892EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-63087 Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint

Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows remote attackers to obtain a valid PluginAuthToken by sending a POST request to the internal plugin install endpoint using hardcoded default stackid and orgid values present in the public source tree...

9.8CVSS0.00427EPSS
Exploits0References2
CVE
CVE
added 3 days ago14 views

CVE-2026-63087

Grafana OnCall 1.16.11 is affected by an unauthenticated token-hijack vulnerability via the internal plugin install endpoint. An attacker can POST to the endpoint using hardcoded default stack_id and org_id values to obtain a valid PluginAuthToken, which can be used to authenticate against intern...

9.8CVSS6.2AI score0.00427EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-47428

Vitest is a testing framework powered by Vite. From 4.0.17 until 4.1.6 and 5.0.0-beta.3, Vitest Browser Mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script, allowing a crafted browser-runner URL to execute arbitrary JavaScript in the Vitest...

9.6CVSS0.00367EPSS
Exploits0References7
CVE
CVE
added 5 days ago24 views

CVE-2026-15075

CVE-2026-15075 affects Eclipse Vert.x up to 4.5.29 (4.x) and 5.1.4 (5.x). The DefaultRedirectHandler in vertx-core forwards all request headers across cross-origin HTTP 30x redirects, stripping only Content-Length. No origin check is performed before copying headers to the redirect target. This a...

8.2CVSS6.2AI score0.00141EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/10 4:32 p.m.8 views

CVE-2026-1667

The CVE concerns the SEO Plugin by Squirrly SEO for WordPress (up to version 14.0.0) with a vulnerability in savePost() that allows unauthenticated users to create arbitrary posts and, if Advanced Custom Fields is installed, to inject stored XSS scripts. Root cause is a leak of an API token and i...

7.2CVSS6.2AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 8:19 p.m.22 views

CVE-2026-27761

Gitea versions up to and including 1.26.2 expose private repository commit data via RSS/Atom feed endpoints by bypassing API access token scope checks. This affects feeds that do not enforce repository scope, allowing tokens without repository scope to access private data. Public references indic...

4.3CVSS7.1AI score0.00367EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2026/06/29 12:0 a.m.5 views

The vulnerability of the GSS-API token processing module of the TKEY authentication mechanism’s DNS server BIND allows a perpetrator to cause a service failure.

The vulnerability of the GSS-API token processing module of the TKEY authentication mechanism’s DNS server BIND relates to the absence of a reference to an active, allocated resource. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS5.3AI score0.01047EPSS
Exploits0References9Affected Software5
NVD
NVD
added 2026/06/24 7:16 a.m.13 views

CVE-2026-9183

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...

4.3CVSS0.0021EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/16 11:34 p.m.8 views

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

7.7CVSS5.8AI score0.00353EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/06/07 9:4 a.m.108 views

glitchtip-plaintext-api-tokens-poc

GlitchTip plaintext API token exposure PoC This PoC checks wh...

5.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/04 9:20 a.m.9 views

CVE-2026-50214 Shared Secret Quota Inflation

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...

9.3CVSS5.9AI score0.00167EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 9:20 a.m.8 views

CVE-2026-50214

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...

9.3CVSS5.9AI score0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 9:20 a.m.23 views

CVE-2026-50214

The CVE-2026-50214 entry concerns the /v1/Plan service that relies entirely on a shared global API token for full administrative management, enabling arbitrary creation of zero-cost network access plans. According to the NVD entry, this leads to critical impact across confidentiality, integrity, ...

9.8CVSS5.9AI score0.00167EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/28 4:16 p.m.24 views

CVE-2026-35672

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS0.00384EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 2:19 p.m.24 views

CVE-2026-44830

CVE-2026-44830 affects Nocturne Memory prior to 2.4.1. When API_TOKEN is unset or empty, BearerTokenAuthMiddleware does not enforce authentication for all HTTP requests. Coupled with a default 0.0.0.0 host binding and CORS allow_origins=[""], this lets any LAN-reachable client access the Knowledg...

8.7CVSS5.9AI score0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:19 p.m.43 views

CVE-2026-44830 Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS0.00215EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 2:19 p.m.3 views

CVE-2026-44830 Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS6AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.19 views

PT-2026-44001

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow origins="...

8.7CVSS5.9AI score0.00215EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/22 8:12 p.m.18 views

CVE-2026-4843

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References1
Rows per page
Query Builder