Lucene search
K

45 matches found

NVD
NVD
added 2026/07/01 3:17 p.m.9 views

CVE-2026-23537

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS0.00568EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/01 1:49 p.m.6 views

CVE-2026-23537 Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 1:49 p.m.32 views

CVE-2026-23537 Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS0.00568EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 1:49 p.m.6 views

EUVD-2026-40997

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 1:49 p.m.5 views

CVE-2026-23537

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54710

Name of the Vulnerable Software and Affected Versions Feast Feature Server affected versions not specified Description An unauthenticated remote attacker can write arbitrary JSON files to the server filesystem via the /save-document endpoint. The issue stems from improper input validation that...

9.1CVSS6.5AI score0.00568EPSS
Exploits0References11
CVE
CVE
added 2026/06/24 10:45 a.m.11 views

CVE-2026-13150

CVE-2026-13150 describes an SSRF in the PDF generation endpoint of ccyl13 Pentestify 1.0.0 and earlier. The vulnerability arises because GET /api/reports/{id}/pdf builds the target URL from request.base_url without validation, enabling remote attackers to cause the server to fetch arbitrary inter...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.16 views

PT-2026-40422

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/03 3:45 p.m.14 views

CVE-2026-7702

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

6.9CVSS5.5AI score0.00314EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/21 12:31 a.m.3 views

EUVD-2026-13816

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/20 10:20 p.m.4 views

CVE-2026-23537

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6AI score0.00568EPSS
Exploits0References3
NVD
NVD
added 2026/03/20 10:16 p.m.9 views

CVE-2026-23536

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS0.00594EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/20 9:58 p.m.4 views

CVE-2026-23536 Feast: unauthenticated arbitrary file read

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 9:58 p.m.3 views

CVE-2026-23536

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/20 9:58 p.m.29 views

CVE-2026-23536 Feast: unauthenticated arbitrary file read

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS0.00594EPSS
Exploits0References2
CVE
CVE
added 2026/03/20 9:58 p.m.11 views

CVE-2026-23536

The CVE-2026-23536 issue affects Feast Feature Server, specifically the /read-document endpoint, allowing an unauthenticated remote attacker to read any file accessible to the server process. The root cause is a bypass of access restrictions via a crafted HTTP POST request, enabling potential exp...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/20 9:58 p.m.5 views

CVE-2026-23536

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS5.8AI score0.00594EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.3 views

PT-2026-26683

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/20 12:0 a.m.1 views

Directory Traversal

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Directory Traversal via the /read-document endpoint. An attacker can access arbitrary files accessible to the server process by sending a crafted HTTP POST request. Details A Directory Traversal attack al...

8.7CVSS6.5AI score0.00594EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.11 views

Red Hat OpenShift AI 安全漏洞

Red Hat OpenShift AI is an AI lifecycle management platform developed by Red Hat Inc. There is a security vulnerability in Red Hat OpenShift AI, which stems from improper endpoint access control at the /save-document endpoint. This vulnerability could allow unverified remote attackers to write...

6AI score0.00568EPSS
Exploits0References1
Rows per page
Query Builder