327 matches found
SiYuan <= 3.6.5 - Unauthenticated Path Traversal
SiYuan = 3.6.5 contains a path traversal via double URL-encoding in the /assets/ route publish mode port 6808, allowing unauthenticated attackers to read arbitrary files inside WorkspaceDir including conf/conf.json which exposes the API token and access auth code. id: CVE-2026-54066 info: name:...
CVE-2026-63087 Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint
Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows remote attackers to obtain a valid PluginAuthToken by sending a POST request to the internal plugin install endpoint using hardcoded default stackid and orgid values present in the public source tree...
CVE-2026-63087
Grafana OnCall 1.16.11 is affected by an unauthenticated token-hijack vulnerability via the internal plugin install endpoint. An attacker can POST to the endpoint using hardcoded default stack_id and org_id values to obtain a valid PluginAuthToken, which can be used to authenticate against intern...
CVE-2026-47428
Vitest is a testing framework powered by Vite. From 4.0.17 until 4.1.6 and 5.0.0-beta.3, Vitest Browser Mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script, allowing a crafted browser-runner URL to execute arbitrary JavaScript in the Vitest...
CVE-2026-15075
CVE-2026-15075 affects Eclipse Vert.x up to 4.5.29 (4.x) and 5.1.4 (5.x). The DefaultRedirectHandler in vertx-core forwards all request headers across cross-origin HTTP 30x redirects, stripping only Content-Length. No origin check is performed before copying headers to the redirect target. This a...
CVE-2026-1667
The CVE concerns the SEO Plugin by Squirrly SEO for WordPress (up to version 14.0.0) with a vulnerability in savePost() that allows unauthenticated users to create arbitrary posts and, if Advanced Custom Fields is installed, to inject stored XSS scripts. Root cause is a leak of an API token and i...
CVE-2026-27761
Gitea versions up to and including 1.26.2 expose private repository commit data via RSS/Atom feed endpoints by bypassing API access token scope checks. This affects feeds that do not enforce repository scope, allowing tokens without repository scope to access private data. Public references indic...
The vulnerability of the GSS-API token processing module of the TKEY authentication mechanism’s DNS server BIND allows a perpetrator to cause a service failure.
The vulnerability of the GSS-API token processing module of the TKEY authentication mechanism’s DNS server BIND relates to the absence of a reference to an active, allocated resource. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2026-9183
The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...
NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host
NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
glitchtip-plaintext-api-tokens-poc
GlitchTip plaintext API token exposure PoC This PoC checks wh...
CVE-2026-50214 Shared Secret Quota Inflation
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...
CVE-2026-50214
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...
CVE-2026-50214
The CVE-2026-50214 entry concerns the /v1/Plan service that relies entirely on a shared global API token for full administrative management, enabling arbitrary creation of zero-cost network access plans. According to the NVD entry, this leads to critical impact across confidentiality, integrity, ...
CVE-2026-35672
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...
CVE-2026-44830
CVE-2026-44830 affects Nocturne Memory prior to 2.4.1. When API_TOKEN is unset or empty, BearerTokenAuthMiddleware does not enforce authentication for all HTTP requests. Coupled with a default 0.0.0.0 host binding and CORS allow_origins=[""], this lets any LAN-reachable client access the Knowledg...
CVE-2026-44830 Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...
CVE-2026-44830 Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...
PT-2026-44001
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow origins="...
CVE-2026-4843
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...