Lucene search
+L

495 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/22 10:20 p.m.3 views

CVE-2026-24124

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

9.3CVSS5.4AI score0.00713EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/01/22 10:20 p.m.21 views

CVE-2026-24124 Dragonfly Manager Job API Allows Unauthenticated Access

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

9.3CVSS0.00713EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/22 10:20 p.m.3 views

CVE-2026-24124 Dragonfly Manager Job API Allows Unauthenticated Access

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

9.3CVSS5.5AI score0.00713EPSS
Exploits1References2
CVE
CVE
added 2026/01/22 10:20 p.m.16 views

CVE-2026-24124

Dragonfly CVE-2026-24124 describes an unauthenticated access flaw in the Manager Job API. In versions 2.4.1-rc.0 and earlier, the Job API endpoints under /api/v1/jobs lack JWT authentication middleware and RBAC checks, allowing unauthenticated users with Manager API access to view, create, modify...

9.8CVSS5.5AI score0.00713EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/01/22 10:20 p.m.6 views

CVE-2026-24124 Dragonfly Manager Job API Allows Unauthenticated Access

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

9.3CVSS5.5AI score0.00713EPSS
Exploits1References4
EUVD
EUVD
added 2026/01/22 6:4 p.m.7 views

EUVD-2026-3805

Dragonfly Manager Job API Unauthenticated Access...

9.3CVSS5.3AI score0.00713EPSS
Exploits1References2
OSV
OSV
added 2026/01/22 6:4 p.m.5 views

GHSA-J8HF-CP34-G4J7 Dragonfly Manager Job API Unauthenticated Access

Summary Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption. Affected Products - Product: Dragonfly - Component:...

9.3CVSS5.9AI score0.00713EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/01/22 6:4 p.m.36 views

Dragonfly Manager Job API Unauthenticated Access

Summary Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption. Affected Products - Product: Dragonfly - Component:...

9.8CVSS5.8AI score0.00713EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

Dragonfly Access Control Vulnerability

Dragonfly is an open-source framework developed by DragonflyDB, capable of dynamically processing any content type. Versions of Dragonfly 2.4.1-rc.0 and earlier contained a access control vulnerability. This vulnerability stemmed from the absence of JWT authentication and RBAC authorization check...

9.8CVSS5.8AI score0.00713EPSS
Exploits1References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/22 12:0 a.m.12 views

Dragonfly Manager Job API Unauthenticated Access

Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption...

9.8CVSS5.4AI score0.00713EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/22 12:0 a.m.15 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.10 views

CVE-2021-33473

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verifyurl option is disabled. This vulnerability is exploited via a crafted URL...

9.1CVSS7AI score0.0104EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.7 views

CVE-2021-33564

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features...

9.8CVSS7.5AI score0.72249EPSS
Exploits4References1
EUVD
EUVD
added 2025/11/12 3:28 a.m.6 views

EUVD-2025-116946

Malicious code in significantdragonflyz3n npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 10:56 p.m.2 views

Malicious code in injured_dragonfly_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e69a4b1718322b92d918205dd95cd6c8a76f52973bc449c36000c594ee4c70bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 8:46 p.m.2 views

Malicious code in ill_dragonfly_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1066c42a7cd3f50df3172ad6f9bbf72be6f5bec6aff5b5860aa2ccbb2c48e1f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:46 p.m.2 views

EUVD-2025-101602

Malicious code in traditionaldragonflyz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:46 p.m.2 views

EUVD-2025-98078

Malicious code in illdragonflyz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:46 p.m.2 views

EUVD-2025-101560

Malicious code in alivedragonflyz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:11 p.m.2 views

EUVD-2025-105153

Malicious code in functionaldragonflyz3n npm...

6.6AI score
Exploits0
Rows per page
Query Builder