Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.7AI score0.00221EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/04 7:31 p.m.28 views

CVE-2026-41522 Iris has an Improper Authorization issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-41200

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description The endpoint "/api/v1/memories/ef" is accessible without authentication and executes the function request.app.state.EMBEDDING FUNCTION. This allows unauthenticated users to trigger embedding...

6.5CVSS5.8AI score0.00341EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/05/13 3:33 p.m.11 views

Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy

Summary The Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the backend Solr server without restriction. An attacker could read the complete Solr index and, in default Solr deployments,...

9.8CVSS6AI score0.0041EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/13 3:33 p.m.7 views

GHSA-2RGP-F66F-4499 Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy

Summary The Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the backend Solr server without restriction. An attacker could read the complete Solr index and, in default Solr deployments,...

9.8CVSS6AI score0.0041EPSS
Exploits0References6
Rows per page
Query Builder