Lucene search
K

386 matches found

CVE
CVE
added 2026/05/05 3:0 p.m.15 views

CVE-2026-7844

CVE-2026-7844 concerns the chatchat-space Langchain-Chatchat project up to version 0.3.1.3. The vulnerability resides in the Compatible File Service, specifically the function set in libs/chatchat-server/chatchat/server/api_server/openai_routes.py (delete_file, as well as related file endpoints l...

6.3CVSS6.4AI score0.00322EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/04 12:15 a.m.4 views

CVE-2026-7714 crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

6.9CVSS6.2AI score0.00456EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/30 5:0 a.m.29 views

CVE-2025-13030

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

7.1CVSS0.00308EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/30 5:0 a.m.5 views

CVE-2025-13030

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

7.1CVSS6.3AI score0.00308EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

django-mdeditor 访问控制错误漏洞

django-mdeditor is an Editor.md-based Django Markdown editor plugin developed by DeanWu. django-mdeditor has a access control vulnerability, which stems from the lack of key functionality for authentication at the image upload endpoint. This vulnerability allows attackers to upload malicious file...

9.8CVSS6AI score0.00308EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 5:34 p.m.3 views

CVE-2026-3893

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

9.4CVSS5.2AI score0.00373EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/23 9:24 p.m.7 views

CVE-2026-26210 KTransformers Unsafe Deserialization RCE via balance_serve

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...

9.8CVSS6.2AI score0.00703EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/23 8:10 p.m.4 views

CVE-2026-6376 Missing authentication for critical function in SpiceJet Online Booking System

A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...

8.7CVSS5.3AI score0.00497EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/23 8:39 a.m.4 views

Missing Critical Step in Authentication

Overview org.apache.httpcomponents.client5:httpclient5 is a HttpClient component of the Apache HttpComponents project. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the AuthenticationHandler's handleResponse method. The client may accept...

7.3CVSS5.4AI score0.00456EPSS
Exploits0References2
ICS
ICS
added 2026/04/23 6:0 a.m.7 views

Carlson Software VASCO-B GNSS Receiver

RISK EVALUATION Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...

9.4CVSS5.8AI score0.00373EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2026/04/22 7:7 a.m.7 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.3AI score0.00456EPSS
Exploits0
CVE
CVE
added 2026/04/20 3:19 a.m.16 views

CVE-2026-32957

Technical details about CVE-2026-32957 are not publicly available in the provided connected documents. Monitor for updates from vendors and security advisories.

6.9CVSS5.8AI score0.00274EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/19 10:0 p.m.42 views

CVE-2026-6579 liangliangyy DjangoBlog Clean Endpoint views.py missing authentication

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the...

6.9CVSS0.00433EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

Note Mark 安全漏洞

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.1 contained a security vulnerability. This vulnerability stemmed from the asset download endpoint at /api/notes/noteID/assets/assetID, which did not register an authentication...

5.9CVSS5.8AI score0.00409EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/13 7:31 p.m.7 views

Note Mark has Broken Access Control on Asset Download

Summary A broken access control vulnerability allows unauthenticated users to retrieve note assets directly from the asset download endpoint when they know both the note UUID and asset UUID. This exposes the full contents of private note assets without authentication, even when the associated boo...

5.9CVSS5.8AI score0.00409EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/12 7:45 p.m.15 views

CVE-2026-6129

The CVE-2026-6129 entry concerns zhayujie chatgpt-on-wechat CowAgent up to version 2.0.4. The vulnerability affects the Agent Mode Service component, with root cause described as a manipulation that results in missing authentication. Attack requires no privileges and can be initiated remotely ove...

7.5CVSS6.8AI score0.00391EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/12 12:30 p.m.9 views

EUVD-2026-21730

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been made...

7.5CVSS6.8AI score0.00397EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/10 9:6 p.m.20 views

CVE-2026-5724 Missing Authentication on Streaming gRPC Replication Endpoint

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...

6.3CVSS0.0051EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/10 8:59 p.m.2 views

Missing Authentication for Critical Function

Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to missing authentication in several HTTP transport endpoints and exposure of sensitive operationa...

8.8CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 5:8 p.m.18 views

CVE-2026-22680 OpenViking < 0.3.3 Missing Authorization via Task Polling

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9CVSS0.00384EPSS
Exploits1References4
Rows per page
Query Builder