Lucene search
K

1486 matches found

euvd
euvd
added 18 hours ago7 views

EUVD-2026-43251

A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early...

6.5CVSS6.2AI score
Exploits0References6
fedora
fedora
added yesterday8 views

[SECURITY] Fedora 43 Update: upower-1.91.3-2.fc43

UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...

6.1AI score
Exploits0
cve
cve
added 3 days ago10 views

CVE-2026-55516

CVE-2026-55516 affects Snipe-IT prior to 8.6.2. A PATCH/PUT to /api/v1/maintenances/{maintenance_id} first validates access to the maintenance and asset, then accepts attacker-controlled asset_id, allowing an authorized user to re-parent a maintenance record to an asset outside their company scop...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References3Affected Software1
fedora
fedora
added 2026/07/05 1:10 a.m.9 views

[SECURITY] Fedora 44 Update: python-streamlink-8.4.0-1.fc44

Streamlink is a command-line utility that pipes video streams from various services into a video player, such as VLC. The main purpose of Streamlink is to allow the user to avoid buggy and CPU heavy flash plugins but still be able to enjoy various streamed content. There is also an API available...

6.5CVSS5.9AI score0.00345EPSS
Exploits1
fedora
fedora
added 2026/07/05 12:52 a.m.8 views

[SECURITY] Fedora 43 Update: python-streamlink-8.4.0-1.fc43

Streamlink is a command-line utility that pipes video streams from various services into a video player, such as VLC. The main purpose of Streamlink is to allow the user to avoid buggy and CPU heavy flash plugins but still be able to enjoy various streamed content. There is also an API available...

6.5CVSS5.9AI score0.00345EPSS
Exploits1
attackerkb
attackerkb
added 2026/07/02 2:50 p.m.6 views

CVE-2026-55113

A malicious actor with access to the network could exploit a Server-Side Request Forgery SSRF vulnerability found in UniFi Talk Application to execute a Denial of Service DoS attack and bypass authentication in certain UniFi Talk API endpoints...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References2
cve
cve
added 2026/07/02 2:49 p.m.14 views

CVE-2026-54407

The CVE-2026-54407 entry concerns UniFi Protect Application with an Improper Access Control flaw that allows bypassing authentication on certain API endpoints. The vulnerability enables an unauthenticated or improperly authenticated actor with network access to interact with protected UniFi Prote...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/07/02 2:49 p.m.7 views

CVE-2026-54407

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References2
euvd
euvd
added 2026/07/02 2:49 p.m.13 views

EUVD-2026-41379

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References1
nvd
nvd
added 2026/07/01 4:16 p.m.38 views

CVE-2026-58029

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...

6.5CVSS0.00328EPSS
Exploits0References1
cve
cve
added 2026/07/01 3:19 p.m.28 views

CVE-2026-58029

CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/07/01 12:0 a.m.3 views

UBUNTU-CVE-2026-58027

Hide hit count for private/protected filters in API...

5.3CVSS5.8AI score0.00371EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/30 10:8 p.m.36 views

CVE-2026-56350 n8n - SSO Enforcement Bypass via API

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

6.3CVSS0.00258EPSS
Exploits0References2
cve
cve
added 2026/06/30 9:6 p.m.17 views

CVE-2026-58449

txtai up to 9.10.0 is affected by an unauthenticated remote code execution via the /reindex API. The function body parameter is resolved through txtai.util.Resolver, which uses import and getattr on a user-supplied dotted path without an allowlist. If the API is exposed without a TOKEN and the in...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/30 7:55 p.m.7 views

CVE-2026-10140

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/30 7:55 p.m.41 views

CVE-2026-10140 Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS0.00201EPSS
Exploits0References1
euvd
euvd
added 2026/06/30 7:55 p.m.8 views

EUVD-2026-40403

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS5.8AI score0.00201EPSS
Exploits0References1
euvd
euvd
added 2026/06/30 10:52 a.m.8 views

EUVD-2026-40286

Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation...

8.7CVSS5.8AI score0.00437EPSS
Exploits0References2
cve
cve
added 2026/06/30 10:52 a.m.27 views

CVE-2026-14161

Advantech’s Hospital Queuing Management product is affected by a Sensitive Data Exposure vulnerability. Unauthenticated remote attackers can access a specific URL to obtain API documentation, per the CVE-2026-14161 records from NVD and CVE List. The connected documents confirm the affected produc...

8.7CVSS5.8AI score0.00437EPSS
Exploits0References2
nvd
nvd
added 2026/06/30 10:16 a.m.12 views

CVE-2025-24816

Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges...

6.5CVSS0.00276EPSS
Exploits0References1
Rows per page
Query Builder