Lucene search
+L

2294 matches found

cvelist
cvelist
added yesterday24 views

CVE-2026-49353 9Router: Local-Only Access Gate Bypass in 9router via Host Header SpoofING

9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest to protect /api/mcp/, /api/tunnel/, and /api/cli-tools/, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP...

7.5CVSS0.00058EPSS
Exploits0References4
cvelist
cvelist
added yesterday23 views

CVE-2026-56352 n8n - Arbitrary File Read and Execution via ExecuteWorkflow localFile Parameter

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS
Exploits0References2
nvd
nvd
added 3 days ago4 views

CVE-2026-61952

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...

4.9CVSS0.00193EPSS
Exploits0References1
cve
cve
added 6 days ago8 views

CVE-2026-15079

The CVE-2026-15079 entry concerns the Drupal Login Disable module, affected on versions 0.0.0 through 2.1.4. The underlying issue is an improper restriction of excessive authentication attempts, which can enable brute-force login attempts to bypass protection. The attack surface is the Drupal log...

5.4CVSS6.1AI score0.00209EPSS
Exploits0References1
cve
cve
added 6 days ago16 views

CVE-2026-58590

FlowDrop for Drupal is affected by a Missing Authorization vulnerability that enables forceful browsing. Publicly reported details cover FlowDrop versions 0.0.0 through 1.6.0 as vulnerable. The root cause is insufficient access checks, allowing unauthorized navigation to access resources. The iss...

5.4CVSS6.1AI score0.0023EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 6 days ago32 views

CVE-2026-58589 FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-067

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

0.0023EPSS
Exploits0References1
cve
cve
added 6 days ago18 views

CVE-2026-58589

CVE-2026-58589 describes a Missing Authorization vulnerability in Drupal FlowDrop (FlowDrop versions 0.0.0 to 1.6.0) allowing forceful browsing to access endpoints without proper permissions. The issue affects the FlowDrop module used for AI-driven workflows via a chat interface, where endpoints ...

5.4CVSS6.1AI score0.0023EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 6 days ago31 views

CVE-2026-13241 Paragraphs - Moderately critical - Access bypass - SA-CONTRIB-2026-061

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...

0.00159EPSS
Exploits0References1
cve
cve
added 6 days ago10 views

CVE-2026-13241

Summary: CVE-2026-13241 describes a Missing Authorization vulnerability in Drupal Paragraphs (affecting Paragraphs 0.0.0 – 1.21.0) compounded by the Paragraphs Library module. The issue allows forceful browsing because access to direct child paragraphs of library items via API endpoints is not su...

6.5CVSS6.1AI score0.00159EPSS
Exploits0References1
cve
cve
added 6 days ago9 views

CVE-2026-13239

Summary: CVE-2026-13239 describes a Missing Authorization vulnerability in WissKI, enabling forceful browsing via the wisski mirador submodule. Affected software: WissKI versions 0.0.0 through 4.2.0. Root cause (per documents): insufficient access checks when parameters are submitted through a ro...

6.5CVSS6.1AI score0.00159EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago33 views

CVE-2026-13239 WissKI - Critical - Access bypass - SA-CONTRIB-2026-059

Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...

0.00159EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago33 views

CVE-2026-13238 Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

0.00217EPSS
Exploits0References1
cve
cve
added 6 days ago15 views

CVE-2026-13238

CVE-2026-13238 describes an incorrect authorization flaw in Drupal Commerce Realex / Global Payments. The issue permits forceful browsing when the gateway is configured with the redirect payment method, due to insufficient verification of the payment response from Global Payments. Affected versio...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago32 views

CVE-2026-13237 AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

0.00168EPSS
Exploits0References1
cve
cve
added 6 days ago12 views

CVE-2026-13237

CVE-2026-13237 affects Drupal AI Agents (versions 0.0.0–1.1.4, 1.2.0–1.2.5, 1.3.0–1.3.1). Root cause: Incorrect Authorization allowing Forceful Browsing, potentially enabling information disclosure and minor integrity concerns. The issue is documented across multiple sources (Drual SA-CONTRIB-202...

4.8CVSS6.1AI score0.00168EPSS
Exploits0References1
cve
cve
added 6 days ago13 views

CVE-2026-13236

The CVE CVE-2026-13236 concerns a Missing Authorization issue in Drupal AI Agents that enables forceful browsing. Technical details across connected sources show that the vulnerability resides in the Drupal AI Agents module, where the tool-loading path does not sufficiently verify permissions on ...

4.2CVSS6.1AI score0.00145EPSS
Exploits0References1
osv
osv
added 6 days ago6 views

CVE-2026-13235 AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

3.3CVSS6.1AI score0.00161EPSS
Exploits0References5
cvelist
cvelist
added 6 days ago31 views

CVE-2026-13232 Advanced Content Feedback (aka admin_feedback) - Moderately critical - Access bypass / Insecure Direct Object Reference (IDOR) - SA-CONTRIB-2026-052

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

0.00162EPSS
Exploits0References1
osv
osv
added 6 days ago4 views

CVE-2026-11909 Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044

Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6...

3.3CVSS6.1AI score0.00161EPSS
Exploits0References5
nvd
nvd
added last week8 views

CVE-2026-59225

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...

6.3CVSS0.00211EPSS
Exploits0References4
Rows per page
Query Builder