19 matches found

Cvelist
added 2026/04/29 6:06 p.m., 36 views

CVE-2026-7439 AgentFlow Local Web API Content-Type Validation Bypass

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...

CVSS 4.8, EPSS 0.00089
Exploits: 0, References: 3
Snyk
added 2026/04/03 6:31 p.m., 3 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the FastAPI endpoints under /ajax-api/3.0/jobs/ when the basic-auth app is enabled. An attacker can gain unauthorized access to submit, read, search, and cancel jobs by sending network...

CVSS 9.8, AI score 7.7, EPSS 0.04392
Exploits: 1, References: 2
Snyk
added 2026/04/02 6:15 a.m., 2 views

Missing Authentication for Critical Function

Overview: vanna is a "Generate SQL queries from natural language" package. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /api/vanna/v2/chatpoll, /api/vanna/v2/chatsse, and /api/vanna/v2/chatwebsocket endpoints. An attacker can gain unauthorized access...

CVSS 7.5, AI score 7.1, EPSS 0.00414
Exploits: 0, References: 2
Positive Technologies
added 2026/03/06 12:00 a.m., 10 views

PT-2026-23790

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.13. Description: Flowise has an issue where the NVIDIA NIM router endpoint '/api/v1/nvidia-nim/' was incorrectly whitelisted in the global authentication middleware. This allowed unauthenticated access to sensitive...

CVSS 9.8, AI score 5.8, EPSS 0.3625
Exploits: 2, References: 13
OSV
added 2026/01/23 9:15 p.m., 5 views

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

CVSS 9.4, AI score 5.9, EPSS 0.00413
Exploits: 0, References: 2
NVD
added 2026/01/23 9:15 p.m., 10 views

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

CVSS 9.4, EPSS 0.00413
Exploits: 0, References: 1
CVE
added 2026/01/23 12:00 a.m., 16 views

CVE-2025-52024

CVE-2025-52024 affects Aptsys POS Platform Web Services. Affected: Aptsys POS Platform Web Services version(s) prior to 2025-05-29. Root cause: unauthenticated access exposes internal API testing tooling and a directory-style index of backend services and POS web services, each with HTML forms fo...

CVSS 9.4, AI score 5.7, EPSS 0.00413
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2026/01/23 12:00 a.m., 8 views

Aptsys Gemscms POS Platform security vulnerabilities

Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform, which stems from the internal API testing tools being exposed to unverified users. This vulnerability could allow unauthorized...

CVSS 9.4, AI score 5.9, EPSS 0.00413
Exploits: 0, References: 3
Veracode
added 2026/01/07 5:07 a.m., 8 views

Improper Authentication

Langflow is vulnerable to Improper Authentication. The vulnerability is due to missing authentication and authorization checks on critical API endpoints, which allows an unauthenticated attacker to access sensitive user data and perform unauthorized destructive operations...

CVSS 9.3, AI score 7.2, EPSS 0.20655
Exploits: 1, References: 3, Affected Software: 2
Snyk
added 2026/01/02 9:11 p.m., 4 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function on the critical API endpoints messages, transactions, and session, handling sensitive user data and system operations. An unauthenticated attacker can access confidential conversation data an...

CVSS 9.3, AI score 5.9, EPSS 0.20655
Exploits: 1, References: 2
EUVD
added 2026/01/02 7:11 p.m., 4 views

EUVD-2026-0034

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

CVSS 9.3, AI score 6.6, EPSS 0.20655
Exploits: 1, References: 4
CVE
added 2026/01/02 7:11 p.m., 40 views

CVE-2026-21445

CVE-2026-21445 (Langflow) : Multiple critical API endpoints expose data and allow destructive actions due to missing authentication controls. Affected endpoints include GET /api/v1/monitor/messages, GET /api/v1/monitor/transactions, and DELETE /api/v1/monitor/messages/session/{session_id}. Eviden...

CVSS 9.3, AI score 6.7, EPSS 0.20655
In wild, Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2026/01/02 7:11 p.m., 73 views

CVE-2026-21445 Langflow Missing Authentication on Critical API Endpoints

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

CVSS 9.3, EPSS 0.20655
Exploits: 1, References: 2
CVE
added 2025/12/26 12:00 a.m., 9 views

CVE-2025-67013

The CVE-2025-67013 entry concerns ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8. The web management interface does not implement CSRF protections (no tokens, no Origin/Referer validation) on critical configuration endpoints, per Red Hat and NVD entries. Affected component:...

CVSS 6.5, AI score 6.6, EPSS 0.00154
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2025/12/22 10:16 p.m., 9 views

CVE-2025-65856

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical...

CVSS 9.8, AI score 5.8, EPSS 0.00849
Exploits: 4, References: 3
NVD
added 2025/12/22 10:16 p.m., 10 views

CVE-2025-65856

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical...

CVSS 9.8, EPSS 0.00849
Exploits: 4, References: 2
Positive Technologies
added 2025/12/22 12:00 a.m., 13 views

PT-2025-52686

Name of the Vulnerable Software and Affected Versions: Xiongmai XM530 IP cameras version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. Description: An authentication bypass issue exists in Xiongmai XM530 IP cameras. This allows unauthenticated remote attackers to access sensitive device information...

CVSS 9.8, AI score 6.8, EPSS 0.00849
Exploits: 4, References: 16
OSV
added 2025/11/07 6:15 p.m., 4 views

CVE-2025-63716

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...

CVSS 6.5, AI score 5.8, EPSS 0.00132
Exploits: 1, References: 2
Positive Technologies
added 2025/11/07 12:00 a.m., 6 views

PT-2025-45478

Name of the Vulnerable Software and Affected Versions: SourceCodester Leads Manager Tool version 1.0. Description: The application is susceptible to Cross-Site Request Forgery (CSRF) attacks, enabling unauthorized modification of application state. The application does not implement CSRF protection...

AI score 6.6, EPSS 0.00132
Exploits: 1, References: 6