Lucene search
K

591 matches found

CVE
CVE
added 2026/05/03 11:0 p.m.21 views

CVE-2026-7709

CVE-2026-7709 affects janeczku Calibre-Web up to 0.6.26. The vulnerable element is the function generate_auth_token in cps/kobo_auth.py of the Endpoint component. The issue stems from manipulation of the argument user_id , causing improper authorization. The vulnerability can be exploited remotel...

6.5CVSS6.3AI score0.00219EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.10 views

Calibre-Web 安全漏洞

Calibre-Web is a web application developed by Jan B, designed for browsing, reading, and downloading e-books from the Calibre database. Calibre-Web versions 0.6.26 and earlier contain security vulnerabilities. These vulnerabilities stem from the generateauthtoken function in the Endpoint...

6.5CVSS6.6AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/05/01 10:15 a.m.5 views

CVE-2026-7567

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybelogintemporaryuser function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before...

9.8CVSS0.09246EPSS
Exploits3References7
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.13 views

PT-2026-37127

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.17.1 Description When a user changes their password, browser sessions are invalidated using the cycle session keys function, but Django REST Framework DRF API tokens with the wlu prefix stored in authtoken token are...

5.4CVSS5.8AI score0.00228EPSS
Exploits0References13
Exploit DB
Exploit DB
added 2026/04/30 12:0 a.m.104 views

Camaleon CMS v2.9.0 - Path Traversal

Exploit Title: Camaleon CMS v2.9.0 - Path Traversal Date: 2026-02-02 Exploit Author: Sakshi Velampudi CyberQuestor Vendor Homepage: https://github.com/owen2345/camaleon-cms Software Link: https://github.com/owen2345/camaleon-cms/releases/tag/2.9.0 Version: = 2.9.0 Tested on: Linux CVE:...

7.7CVSS5.2AI score0.1456EPSS
Exploits11
Github Security Blog
Github Security Blog
added 2026/04/24 4:15 p.m.11 views

Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars

Summary Dgraph v25.3.2 still exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can retrieve that token and replay it in the...

9.8CVSS5.5AI score0.02187EPSS
Exploits1References4Affected Software3
EUVD
EUVD
added 2026/04/20 3:31 p.m.7 views

EUVD-2026-23862

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is...

5.7CVSS5.8AI score0.00121EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/20 1:38 p.m.6 views

CVE-2026-6369 Exposed Session Token in canonical-livepatch client snap

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is...

5.7CVSS5.8AI score0.00121EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/20 1:38 p.m.27 views

CVE-2026-6369 Exposed Session Token in canonical-livepatch client snap

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is...

5.7CVSS0.00121EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.8 views

PT-2026-33770

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is...

5.7CVSS5.8AI score0.00121EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/18 11:6 a.m.169 views

Exploit for Incorrect Resource Transfer Between Spheres in Openclaw

CVE-2026-25253: One-Click RCE in OpenClaw via Auth Token Theft...

8.8CVSS5.9AI score0.08016EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2026/04/14 1:22 a.m.2 views

CVE-2026-39974

n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

8.5CVSS5.9AI score0.00316EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/10 7:24 p.m.4 views

Declaration of Catch for Generic Exception

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

7.9CVSS5.8AI score0.00227EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.5 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.38 of Chamilo LMS, there were security vulnerabilities. These vulnerabilities stemmed from...

7.1CVSS5.9AI score0.00168EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 6:35 p.m.16 views

CVE-2026-39912

The CVE-2026-39912 entry describes a token exposure in the loginWithMailLink flow affecting V2Board (1.6.1–1.7.4) and Xboard (up to 0.1.9). When login_with_mail_link_enable is active, the HTTP response body reveals the full authentication URL, allowing an unauthenticated attacker to POST to login...

9.1CVSS6AI score0.00584EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/04/09 6:35 p.m.2 views

CVE-2026-39912

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the loginwithmaillinkenable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receiv...

9.1CVSS6AI score0.00584EPSS
Exploits1References9Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 6:35 p.m.1 views

CVE-2026-39912 v2board / Xboard Authentication Token Exposure via loginWithMailLink

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the loginwithmaillinkenable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receiv...

9.1CVSS5.9AI score0.00584EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/04/09 4:45 p.m.21 views

CVE-2026-39974 n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode

n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

8.5CVSS0.00316EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 4:45 p.m.2 views

CVE-2026-39974

n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

8.5CVSS6.1AI score0.00316EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/09 4:45 p.m.5 views

EUVD-2026-20968

n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

8.5CVSS6.1AI score0.00316EPSS
Exploits0References3
Rows per page
Query Builder