Lucene search
K

510 matches found

Vulnrichment
Vulnrichment
added 2026/02/17 8:45 p.m.4 views

CVE-2026-23595 Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS5.7AI score0.00299EPSS
Exploits0References1
OSV
OSV
added 2026/02/17 6:9 p.m.5 views

GO-2026-4462 Mattermost Server server restarts may provide attackers with API access in github.com/mattermost/mattermost-server

Mattermost Server server restarts may provide attackers with API access in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive repor...

9.8CVSS5.5AI score0.01184EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.11 views

PT-2026-7941

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS5.5AI score0.004EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/11 4:17 p.m.24 views

CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

9.8CVSS0.0067EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/11 11:34 a.m.23 views

CVE-2025-14594 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API...

3.5CVSS0.00164EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 11:34 a.m.6 views

CVE-2025-14594

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API...

3.5CVSS5.5AI score0.00164EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/10 12:29 a.m.4 views

GHSA-9VPH-2HVM-X66G Cube Core is vulnerable to Denial of Service (DoS) via crafted request

Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Affected Versions: = 1.1.17 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release References The issue was reported by...

6.5CVSS5.5AI score0.00391EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.10 views

PT-2026-6745

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.4 Gogs versions 0.14.0+dev Description Gogs, a self-hosted Git service, is affected by a critical remote code execution RCE issue. This issue allows attackers to rewrite the .git/config file via an API, potentially...

9.9CVSS6.3AI score0.27661EPSS
Exploits45References121
Patchstack
Patchstack
added 2026/02/04 7:41 a.m.9 views

WordPress Infility Global plugin <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass vulnerability

Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass vulnerability discovered by andrea bocchetti in WordPress Plugin Infility Global versions = 2.14.46...

7.5CVSS5.7AI score0.00432EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.8 views

PT-2026-4788

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 Description The firmware contains an authorization flaw within the user management API. A low-privileged authenticated user can alter the administrator account passwo...

8.8CVSS5.9AI score0.0029EPSS
Exploits0References6
CVE
CVE
added 2026/01/22 9:18 a.m.16 views

CVE-2026-1332

CVE-2026-1332 affects MeetingHub (HAMASTAR Technology). The Red Hat, NVD, CVE lists describe a Missing Authentication vulnerability that lets unauthenticated remote attackers access specific API functions and retrieve meeting-related information. There are no details about affected versions, root...

6.9CVSS5.5AI score0.00417EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/21 12:4 p.m.9 views

EUVD-2026-3683

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

2.7CVSS5.4AI score0.0032EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/19 5:58 p.m.3 views

CVE-2026-23833 ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...

6.3CVSS5.5AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/16 11:25 a.m.5 views

EUVD-2026-2916

Mattermost versions 10.11.x = 10.11.8, 11.1.x = 11.1.1, 11.0.x = 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops...

6.8CVSS6.2AI score0.00274EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2026/01/16 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

10CVSS5.8AI score0.40972EPSS
In wildExploits0References2
Cvelist
Cvelist
added 2026/01/14 2:42 p.m.24 views

CVE-2026-22240 Plaintext Passwords Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the...

10CVSS0.03001EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/13 2:31 p.m.59 views

CVE-2025-13447 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...

8.4CVSS0.25389EPSS
Exploits0References4
OSV
OSV
added 2026/01/13 9:7 a.m.5 views

BIT-GITLAB-2025-13772 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API...

7.1CVSS6.7AI score0.00386EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.6 views

PT-2026-2443

Name of the Vulnerable Software and Affected Versions Progress LoadMaster affected versions not specified Description An authenticated attacker with “User Administration” permissions can execute arbitrary commands on the LoadMaster appliance. This is due to unsanitized input in the API input...

8.4CVSS5.8AI score0.25389EPSS
Exploits0References12
OSV
OSV
added 2026/01/12 6:7 p.m.3 views

GHSA-9RP8-H4G8-8766 Weblate wlc has insecure API key configuration

Impact Historically, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be used against different server. Patches https://github.com/WeblateOrg/wlc/pull/1098 Workarounds Remove unscoped...

5.3CVSS7AI score0.00164EPSS
Exploits0References5
Rows per page
Query Builder