Lucene search
+L

2934 matches found

attackerkb
attackerkb
added yesterday5 views

CVE-2026-53516

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the OAuth provider asserts emailverified: true without requiring the local user row's emailVerified...

8.3CVSS6.1AI score0.00019EPSS
Exploits0References5Affected Software1
nvd
nvd
added yesterday5 views

CVE-2026-61644

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS
Exploits0References4
euvd
euvd
added yesterday5 views

EUVD-2026-44677

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS6.1AI score
Exploits0References4
redhatcve
redhatcve
added yesterday4 views

CVE-2026-47429

A flaw was found in Vitest, a testing framework. On Windows, the Vitest UI/API server incorrectly handled file serving, which could allow an attacker to read sensitive files outside the project directory. Additionally, exposed API features could be exploited to execute arbitrary scripts, leading ...

9.8CVSS6.2AI score0.01024EPSS
Exploits0References10
nvd
nvd
added yesterday6 views

CVE-2026-61427

PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream'...

7.3CVSS
Exploits0References2
cvelist
cvelist
added yesterday22 views

CVE-2026-61435 PraisonAI before 4.6.78 Authentication Bypass via Host Header Spoofing

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS
Exploits0References4
euvd
euvd
added yesterday4 views

EUVD-2026-44641

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS6.1AI score
Exploits0References4
cve
cve
added yesterday5 views

CVE-2026-61435

PraisionAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints (src/praisonai/praisonai/api/agent_invoke.py) when PRAISONAI_CALL_AUTH=disabled is configured. The localhost-only restriction is derived from request.url.hostname via the client-controlled Host h...

8.8CVSS6.1AI score
Exploits0References4
cvelist
cvelist
added yesterday26 views

CVE-2026-61427 PraisonAI before 4.6.78 Authentication Bypass via HTTP-stream

PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream'...

7.3CVSS
Exploits0References2
euvd
euvd
added yesterday4 views

EUVD-2026-44638

PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream'...

7.3CVSS6.1AI score
Exploits0References2
cve
cve
added yesterday5 views

CVE-2026-61427

PraisonAI before 4.6.78 has an authentication bypass in the MCP HTTP-stream transport: running with --transport http-stream and no API key allows unauthenticated clients to initialize sessions, enumerate tools (tools/list), and invoke tools (tools/call). The dispatcher forwards tool-call argument...

7.3CVSS6.1AI score
Exploits0References2
nvd
nvd
added 2 days ago3 views

CVE-2026-59889

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.18.0 until 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1, UnwrappedPropertyHandler.processUnwrapped replays buffered JSON for a @JsonUnwrapped property and calls...

6.5CVSS0.00416EPSS
Exploits0References4
nvd
nvd
added 2 days ago5 views

CVE-2026-48758

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js ascii encoding when converting the PAE string to bytes, allowing payloadType to be mutated after signing without invalidating the signature...

5.4CVSS0.00264EPSS
Exploits0References4
cvelist
cvelist
added 2 days ago36 views

CVE-2026-48758 sigstore-js: DSSE payloadType type-binding failure

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js ascii encoding when converting the PAE string to bytes, allowing payloadType to be mutated after signing without invalidating the signature...

5.4CVSS0.00264EPSS
Exploits0References4
cve
cve
added 2 days ago27 views

CVE-2026-48758

CVE-2026-48758 affects sigstore-js with a flaw in the preAuthEncoding function in @sigstore/core: it uses Node.js ASCII encoding when converting PAE strings to bytes, allowing payloadType to be mutated after signing without invalidating the DSSE signature. The issue is fixed in @sigstore/core ver...

5.4CVSS6.1AI score0.00264EPSS
Exploits0References4
cve
cve
added 2 days ago37 views

CVE-2026-45077

CVE-2026-45077 concerns Symfony’s server:log listener (part of Symfony\Bridge\Monolog) which binds to 0.0.0.0:9911 by default and processes each frame with unserialize(base64_decode($message)) without authentication or an allowed-classes allowlist. This permits any reachable host to submit attack...

8.6CVSS6.1AI score0.00551EPSS
Exploits0References6Affected Software1
osv
osv
added 2 days ago3 views

CVE-2026-52841 Easy!Appointments: Authorization bypass in Google OAuth provider binding lets any backend user rebind a peer provider's Google sync

Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Google::oauth at application/controllers/Google.php:278 stores its URL-supplied providerid in the session, and oauthcallback saves the issued Google OAuth token against that row without checking the caller owns...

3.1CVSS6.1AI score0.00129EPSS
Exploits0References4
cve
cve
added 2 days ago14 views

CVE-2026-52841

Easy!Appointments before 1.6.0 is vulnerable to an Authorization bypass in Google OAuth provider binding. The issue: in Google::oauth (application/controllers/Google.php:278), the provider_id supplied in the request is stored in the session and oauth_callback saves the Google OAuth token against ...

3.1CVSS6.1AI score0.00129EPSS
Exploits0References2
cve
cve
added 2 days ago13 views

CVE-2026-12988

CVE-2026-12988 affects the WP 2FA WordPress plugin up to version 3.1.1.2. The root cause is that the plugin does not verify that the email address used during two-factor authentication setup belongs to the user, enabling an attacker who already has the user’s credentials to redirect the setup ver...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago31 views

CVE-2026-12988 WP 2FA < 3.1.1.2 - Account Takeover via 2FA Setup Email Binding

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

0.00169EPSS
Exploits0References1
Rows per page
Query Builder