Lucene search
K

27 matches found

NVD
NVD
added 4 days ago5 views

CVE-2026-57474

Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.9CVSS0.00279EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-57475

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS0.0034EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42976

Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation RAG corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.3CVSS6.1AI score0.00238EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42975

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS6.2AI score0.0034EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-57474

The CVE entry CVE-2026-57474 concerns Deloitte AI Assist for Customer. Public-facing API endpoints accepted unauthenticated requests, exposing configuration information that could aid an attacker’s reconnaissance. The root cause is exposure of configuration data via unauthenticated access to API ...

6.9CVSS6.1AI score0.00279EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-410 mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind

Resolution Fixed in v3.1.0, released 2026-05-25. The fix was merged in PR 95 at commit 1c7d3f9. The fix changes the default HTTP bind host to 127.0.0.1, refuses non-loopback HTTP/HTTPS exposure unless OAuth is enabled, makes Helm exposure opt-in and OAuth-gated, and adds parser-backed...

10CVSS6.1AI score0.00498EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/29 4:44 a.m.8 views

CVE-2026-54233

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker could exploit a vulnerability in the /v1/audio/transcriptions endpoint. By uploading a specially crafted compressed audio file, such as an OPUS file, the attacker could cause the system to...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/10 4:44 p.m.4 views

EUVD-2026-10553

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/18 12:5 p.m.6 views

CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products

A missing authentication enforcement vulnerability exists in the mutual TLS mTLS implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

9.8CVSS7AI score0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/18 12:5 p.m.12 views

CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products

A missing authentication enforcement vulnerability exists in the mutual TLS mTLS implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

9.8CVSS0.00222EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-28346

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01762EPSS
Exploits0References3
OSV
OSV
added 2025/08/08 6:4 a.m.3 views

BIT-VAULT-2025-6013 Vault LDAP MFA Enforcement Bypass When Using Username As Alias

Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if usernameasalias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

8.1CVSS6AI score0.00502EPSS
Exploits0References2
OSV
OSV
added 2025/06/10 8:36 p.m.2 views

GHSA-RH67-4C8J-HJJH Nautobot may allows uploaded media files to be accessible without authentication

Impact Files uploaded by users to Nautobot's MEDIAROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by...

6.3CVSS5.8AI score0.00383EPSS
Exploits0References7
NVD
NVD
added 2025/06/10 4:15 p.m.15 views

CVE-2025-49143

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot's MEDIAROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint...

6.3CVSS0.00383EPSS
Exploits0References5
CVE
CVE
added 2025/06/10 3:43 p.m.57 views

CVE-2025-49143

Summary: CVE-2025-49143 affects Nautobot before v2.4.10 and v1.6.32. The issue is improper access control on files stored in Nautobot’s MEDIA_ROOT, including DeviceType images and other attachments, which could be retrieved by anonymous users via guessed URLs. Affected versions: Nautobot 2.x vers...

6.3CVSS6.7AI score0.00383EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/15 1:11 a.m.19 views

CVE-2025-43004

Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards PODs that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view...

5.3CVSS7AI score0.00312EPSS
Exploits0References1
Veracode
Veracode
added 2024/07/16 5:50 a.m.13 views

Information Disclosure

fastapi-opa is vulnerable to Information Disclosure. The vulnerability is due to lack of authentication enforcement for HTTP OPTIONS requests by OpaMiddleware, allowing an unauthenticated attacker to determine the existence of entities within the application based on the responses to these reques...

5.8CVSS7AI score0.00563EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2022/02/03 2:5 p.m.623 views

Critical Flaws Discovered in Cisco Small Business RV Series Routers

Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept PoC exploit code targeting some of these bugs. Three ...

10CVSS0.8AI score0.80031EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2021/03/18 12:0 a.m.34 views

Cisco SD-WAN Solution Privilege Escalation (cisco-sa-20190619-sdwan-privesca)

According to its self-reported version, Cisco SD-WAN Solution is affected by a vulnerability due to insufficient authorization enforcement. An authenticated, local attacker can exploit this, by authenticating to the targeted device and executing commands, in order to elevate lower-level privilege...

7.8CVSS7.3AI score0.00419EPSS
Exploits0References3
CNVD
CNVD
added 2021/01/14 12:0 a.m.3 views

Loxone Miniserver Authorization Issues Vulnerability

Loxone Miniserver is a server that provides energy management and monitoring functions for automation of equipment and homes in buildings and houses by Loxone Corporation. Loxone Miniserver version 11.1.9.3 previously had an authorization issue vulnerability that arose from the inability of devic...

9.8CVSS7.1AI score0.01962EPSS
Exploits1References1
Rows per page
Query Builder