Lucene search
+L

42 matches found

euvd
euvd
added yesterday4 views

EUVD-2026-44750

GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port...

8.8CVSS6.1AI score
Exploits0References4
snyk
snyk
added 2026/07/02 10:18 p.m.6 views

Active Debug Code

Overview Affected versions of this package are vulnerable to Active Debug Code via improper handler registration on the shared http.DefaultServeMux. An attacker can gain unauthorized access to sensitive debug and metrics endpoints by sending crafted requests, potentially exposing process command...

7.7CVSS6AI score0.00266EPSS
Exploits0References2
snyk
snyk
added 2026/07/02 10:18 p.m.4 views

Active Debug Code

Overview Affected versions of this package are vulnerable to Active Debug Code via improper handler registration on the shared http.DefaultServeMux. An attacker can gain unauthorized access to sensitive debug and metrics endpoints by sending crafted requests, potentially exposing process command...

7.7CVSS6AI score0.00266EPSS
Exploits0References2
snyk
snyk
added 2026/07/02 10:18 p.m.4 views

Active Debug Code

Overview Affected versions of this package are vulnerable to Active Debug Code via improper handler registration on the shared http.DefaultServeMux. An attacker can gain unauthorized access to sensitive debug and metrics endpoints by sending crafted requests, potentially exposing process command...

7.7CVSS6AI score0.00266EPSS
Exploits0References2
nvd
nvd
added 2026/07/02 8:17 p.m.5 views

CVE-2026-59092

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7.7CVSS0.00266EPSS
Exploits0References4
cve
cve
added 2026/07/02 7:39 p.m.21 views

CVE-2026-59092

JuiceFS

7.7CVSS5.9AI score0.00266EPSS
Exploits0References4
euvd
euvd
added 2026/07/02 7:39 p.m.8 views

EUVD-2026-41423

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7.7CVSS5.9AI score0.00266EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/02 7:39 p.m.8 views

CVE-2026-59092

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7.7CVSS5.9AI score0.00266EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/07/02 7:39 p.m.5 views

CVE-2026-59092 JuiceFS - Authentication Bypass via pprof and metrics Endpoints

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7.7CVSS6AI score0.00266EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/02 7:39 p.m.36 views

CVE-2026-59092 JuiceFS - Authentication Bypass via pprof and metrics Endpoints

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7.7CVSS0.00266EPSS
Exploits0References4
osv
osv
added 2026/07/02 7:39 p.m.3 views

CVE-2026-59092 JuiceFS - Authentication Bypass via pprof and metrics Endpoints

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7CVSS6AI score0.00266EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.12 views

PT-2026-55293

Name of the Vulnerable Software and Affected Versions JuiceFS versions prior to 1.3.2 Description An authentication bypass exists due to improper handler registration on the shared http.DefaultServeMux. This allows unauthenticated remote attackers to access sensitive debug and metrics endpoints...

7.7CVSS6AI score0.00266EPSS
Exploits0References7
snyk
snyk
added 2026/06/19 1:52 p.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the pprof debug endpoints mounted under /debug without access control. An attacker can extract sensitive process memory, including session and apiserver tokens, and degrade server performance by holding the...

8.3CVSS5.8AI score0.00384EPSS
Exploits0References2
snyk
snyk
added 2026/06/19 1:52 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the pprof debug endpoints mounted under /debug without access control. An attacker can extract sensitive process memory, including session and apiserver tokens, and degrade server performance by holding the...

8.3CVSS5.8AI score0.00384EPSS
Exploits0References2
susecve
susecve
added 2026/06/17 2:22 a.m.6 views

SUSE CVE-2026-23517

Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server...

8.7CVSS5.2AI score0.00246EPSS
Exploits0References3
osv
osv
added 2026/06/16 12:37 p.m.7 views

BIT-DISCOURSE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References2
nvd
nvd
added 2026/06/12 9:16 p.m.15 views

CVE-2026-44779

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS0.00235EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/12 8:22 p.m.32 views

CVE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS0.00235EPSS
Exploits0References1
euvd
euvd
added 2026/06/12 8:22 p.m.11 views

EUVD-2026-36583

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References1
cve
cve
added 2026/06/12 8:22 p.m.36 views

CVE-2026-44779

CVE-2026-44779 affects Discourse. From versions 2026.1.0-latest up to before 2026.1.4, 2026.3.0-latest up to before 2026.3.1, and 2026.4.0-latest up to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. The issue has been patched in 2026.1.4, 2026.3.1, 2026.4.1, and 202...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder