Lucene search
K

524 matches found

CVE
CVE
added yesterday10 views

CVE-2026-3014

CVE-2026-3014 concerns Milestone XProtect. A vulnerability in the Management Server API could allow users with edit permissions on the Management Server to execute arbitrary code in the context of the Management Server Service. Milestone has released a new version of XProtect with cumulative patc...

9.1CVSS6.2AI score0.0062EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-55516 Snipe-IT: Cross-company asset maintenance re-parenting via API update

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/maintenanceid checks access to the current maintenance record and asset but then fills attacker-controlled fields including assetid without re-authorizing the newly supplied asset, allowing an...

7.7CVSS0.00218EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42596

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...

8.6CVSS5.9AI score0.0034EPSS
Exploits0References1
NVD
NVD
added 6 days ago9 views

CVE-2026-56460

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS0.00379EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-56460 HCL DevOps Deploy / HCL Launch is susceptible to an Insertion of Sensitive Information Into Sent Data vulnerability

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS0.00379EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-56460

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS5.8AI score0.00379EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42555

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS5.8AI score0.00379EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 9:16 p.m.8 views

CVE-2026-22555

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...

8.1CVSS0.00304EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/02 7:42 p.m.7 views

CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6.2AI score0.00344EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 5:48 p.m.92 views

CVE-2026-47262

CVE-2026-47262 affects containerd where a maliciously crafted image can trigger a Denial of Service by exhausting memory during container creation, causing an Out-Of-Memory (OOM) kill of the containerd process and making the runtime API unavailable (impacting clients like Docker Engine and Kubern...

5.5CVSS5.7AI score0.00317EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/01 2:34 p.m.33 views

CVE-2026-58024 API identification of users on private wikis

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiUserrights.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.1CVSS0.00369EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40892

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.6AI score0.00367EPSS
Exploits0References8
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56350

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

7.7CVSS0.00258EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5347 OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration in github.com/OliveTin/OliveTin

OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration in github.com/OliveTin/OliveTin...

3.7CVSS5.8AI score0.00328EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52207

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.3 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Insufficient filtering in a CI/CD API endpoint could allow sensitive information to be written to...

4.4CVSS5.7AI score0.0013EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 2:1 p.m.9 views

EUVD-2026-38792

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 10:11 p.m.3 views

CVE-2026-48493 Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/theirownid and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

5.5CVSS6AI score0.00182EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51507

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description Multiple OS command injection issues exist in the Custom MCP Server feature. These occur due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker wi...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.9 views

PT-2026-56266

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.4 Description Webview-based pages communicate with the Rust backend via an internal localhost API. User scripts included through iframes in the editor can bypass protections to access this API. A malicious imported...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2026/06/12 9:37 p.m.76 views

ember

🔥 Ember AI systems burn brightly but hide their secrets. Em...

5.3AI score
Exploits0
Rows per page
Query Builder