CVE-2026-5842

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

GHSA-XRRH-P7F2-27VM decolua 9router vulnerable to authorization bypass

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

decolua 9router vulnerable to authorization bypass

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

Authorization Bypass Through User-Controlled Key

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the /api/ endpoints of the Administrative API. An attacker can gain unauthorized access to administrative functions by sendi...

CVE-2026-5842

CVE-2026-5842 concerns decolua 9router (≤0.3.47) where the Administrative API Endpoint under /api can bypass authorization. The root cause is described as an unauthorized access vulnerability in an unknown function of the API endpoint, exploitable remotely. Public disclosure has occurred and the ...

CVE-2026-5842

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-5842 decolua 9router Administrative API Endpoint api authorization

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

decolua 9router vulnerable to authorization bypass

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

PT-2026-31584

Name of the Vulnerable Software and Affected Versions decolua 9router versions up to 0.3.47 Description A security issue exists in decolua 9router that allows an attacker to bypass authorization. The vulnerability is located in an unknown function within the /api of the Administrative API Endpoin...

Couchbase Server - Broken Access Control

Couchbase Server versions 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0-4.6.5, 5.0.0, 5.1.1, 5.5.0, and 5.5.1 contain insecure permissions for the projector and indexer REST endpoints caused by unauthenticated access, letting attackers access administrative APIs without authentication, exploit require...

CVE-2023-49231

An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token...

CVE-2025-44823

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...

CVE-2025-44823

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...

EUVD-2019-3832

Malware in sbrugna...

EUVD-2012-0013

Malware in sbrugna...

EUVD-2025-21452

Malicious code in bioql PyPI...

EUVD-2024-54657

Malicious code in bioql PyPI...

EUVD-2025-18524

Malicious code in bioql PyPI...

CVE-2025-53959

In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible...

JetBrains YouTrack < 2024.3.85077 / 2025.x < 2025.1.86199 Email Spoofing

The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.85077, 2025.x prior to 2025.1.86199. It is, therefore, affected by an email spoofing vulnerability via the Administrative API. Note that Nessus has not tested for these issues but has instead relied only on the...