Lucene search
K

37 matches found

OSV
OSV
added 2026/04/10 8:59 p.m.3 views

GHSA-75HX-XJ24-MQRW n8n-mcp has unauthenticated session termination and information disclosure in HTTP transport

Summary Several HTTP transport endpoints in n8n-mcp lacked proper authentication, and the health check endpoint exposed sensitive operational metadata without credentials. Impact An unauthenticated attacker with network access to the n8n-mcp HTTP server could disrupt active MCP sessions and gathe...

8.2CVSS5.7AI score
Exploits0References4
CVE
CVE
added 2026/04/06 9:45 p.m.18 views

CVE-2026-35448

CVE-2026-35448 affects WWBN AVideo prior to version 27.x (plugin: BlockonomicsYPT/check.php). The endpoint accepts a Bitcoin address via GET and returns the corresponding payment order data without any authentication or access control. This enables unauthenticated disclosure of sensitive fields s...

3.7CVSS5.9AI score0.00318EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/03/27 2:25 p.m.9 views

CVE-2026-33763

CVE-2026-33763 affects WWBN AVideo up to version 26.0. The vulnerability is in the get_api_video_password_is_correct endpoint, which allows any unauthenticated user to verify whether a video password is correct for any password‑protected video. The endpoint returns a boolean passwordIsCorrect wit...

5.3CVSS5.8AI score0.0032EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:25 p.m.5 views

CVE-2026-33763

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideopasswordiscorrect API endpoint allows any unauthenticated user to verify whether a given password is correct for any password-protected video. The endpoint returns a boolean passwordIsCorrect field...

5.3CVSS5.8AI score0.0032EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/20 4:8 a.m.22 views

CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

8.7CVSS0.00427EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 4:8 a.m.5 views

CVE-2026-32949

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

8.7CVSS5.9AI score0.00427EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.11 views

Adminer 输入验证错误漏洞

Adminer is an open-source WordPress plugin developed by Adminer. It allows WordPress administrators to perform database management tasks quickly. Versions of Adminer prior to 5.4.1 had a vulnerability related to input validation errors. This vulnerability stemmed from a lack of source verificatio...

7.5CVSS5.8AI score0.01586EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/08 7:13 a.m.9 views

CVE-2026-2074

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS6.3AI score0.00266EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/07 4:2 a.m.36 views

CVE-2026-2074 O2OA HTTP POST Request check xml external entity reference

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS0.00266EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/07 4:2 a.m.5 views

CVE-2026-2074 O2OA HTTP POST Request check xml external entity reference

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS5.4AI score0.00266EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/01/25 3:15 p.m.5 views

CVE-2026-23009

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhcisidebandremoveendpoint incorrecly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during suspend/wake-u...

5.5CVSS5.6AI score0.00135EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/19 7:1 p.m.5 views

CVE-2026-23845

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery SSRF via HTML Check CSS Download. The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the...

7.5CVSS5.4AI score0.00396EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.9 views

PT-2026-3356

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent check webhook function combined with the paygent permission callback function unconditionally returning...

5.3CVSS5.9AI score0.00261EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/01/23 12:0 a.m.4 views

Elastic Kibana 代码问题漏洞

Elastic Kibana is a usable data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana that stems from server-side request forgery in the /api/fleet/healthcheck API, which can be used to send requests to internal endpoints...

4.3CVSS6.5AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/24 12:0 a.m.4 views

PT-2024-28268 · Wavlink · Wavlink Wn551K1

Name of the Vulnerable Software and Affected Versions: WAVLINK WN551K1 affected versions not specified Description: The issue allows attackers to obtain sensitive router information through the 'live check.shtml' endpoint. Recommendations: At the moment, there is no information about a newer...

5.3CVSS6.7AI score0.00402EPSS
Exploits1References4
RubySec
RubySec
added 2018/11/09 12:0 a.m.29 views

Reflected XSS in Firefox in check endpoint

When passing an invalid check name as parameter to the endpoint where the easymon routes are mounted, a 406 response with a body that contains the invalid check name unescaped is returned. Malicious JavaScript can be injected into that invalid name and have it executed in Firefox...

6.1CVSS1.5AI score0.00896EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2018/10/08 3:29 p.m.9 views

PYSEC-2018-20

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user== to /validate/check url. This vulnerability appears to have been fixed in 2.23.2...

7.5CVSS6.9AI score0.01675EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder