Lucene search
K

509 matches found

OSV
OSV
added 2026/03/04 4:16 p.m.4 views

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

7.2CVSS5.7AI score0.00286EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/03 7:42 a.m.13 views

CVE-2025-15597

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS5.5AI score0.0055EPSS
Exploits1References1
CVE
CVE
added 2026/03/03 12:0 a.m.19 views

CVE-2025-67840

CVE-2025-67840 corresponds to multiple authenticated OS command injection vulnerabilities in Cohesity TranZman 4.0 Build 14614 (TZM_1757588060_SEP2025_FULL.depot). The web API endpoints (including Scheduler and Actions) concatenate user-controlled parameters into system commands, allowing an auth...

7.2CVSS6.8AI score0.03686EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 8:25 p.m.7 views

CVE-2026-28288 Dify has a user enumeration issue

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References2
OSV
OSV
added 2026/02/27 2:16 a.m.3 views

CVE-2026-20797

A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program...

9.8CVSS6AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/26 10:35 p.m.4 views

CVE-2025-3525

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have, under certain circumstances, allowed an authenticated user with certain access to cause Denial of Service by creating specially crafted CI...

6.5CVSS5.4AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/25 4:13 p.m.3 views

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this...

6.5CVSS7.5AI score0.10245EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 1:16 p.m.6 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

9.1CVSS0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.8 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Mautic has a security vulnerability, which stems from SQL injections in the API endpoints used for retrieving contact activities...

8.8CVSS6AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.14 views

SonicWALL SonicOS 安全漏洞

SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A buffer overflow vulnerability exists in SonicWALL SonicOS. The vulnerability stems from improper API endpoint boundary checking and can be exploited by an attacker to execute arbitrar...

4.9CVSS6.4AI score0.00322EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 11:19 p.m.5 views

CVE-2026-27161

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

8.7CVSS5.7AI score0.00412EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/20 12:56 a.m.4 views

CVE-2026-26977 Frappe Learning Management System exposes details of unpublished courses to unauthorized users

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...

6.9CVSS5.6AI score0.00289EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/19 10:45 a.m.33 views

CVE-2025-15559 Unauthenticated OS Command Injection in NesterSoft WorkTime

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...

0.00441EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.30 views

CVE-2025-13851 Buyent Theme (with Buyent Classified Plugin) <= 1.0.7 - Unauthenticated Privilege Escalation via User Registration

The Buyent Classified plugin for WordPress bundled with Buyent theme is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugin not validating or restricting the user role during registration via the REST API endpoint. This...

9.8CVSS0.0031EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/19 1:27 a.m.9 views

CVE-2026-23596

A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability...

6.5CVSS5.7AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.17 views

PT-2026-42538

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.14 Description An authenticated internal user can create API keys with access to routes not permitted by their role. This occurs because the allowed routes field is stored during key generation without verifying ...

9CVSS5.2AI score0.00739EPSS
Exploits3References25
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.4 views

PT-2026-20870

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.8AI score0.27661EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/18 10:2 p.m.28 views

CVE-2026-2676 GoogTech sms-ssm API LoginInterceptor.java preHandle improper authorization

A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to improper authorization. The attack may be...

6.5CVSS0.00272EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/17 8:45 p.m.5 views

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS5.7AI score0.00299EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/17 8:45 p.m.4 views

CVE-2026-23595 Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS5.7AI score0.00299EPSS
Exploits0References1
Rows per page
Query Builder