7669 matches found

ATTACKERKB, added 3 days ago

CVE-2026-59097

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

CVSS 6.9, AI score 6, EPSS 0.00344
Exploits: 0, References: 6
EUVD, added 3 days ago

EUVD-2026-41425

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

CVSS 8.7, AI score 5.9, EPSS 0.0047
Exploits: 0, References: 4
ATTACKERKB, added 3 days ago

CVE-2026-59094

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

CVSS 8.7, AI score 5.9, EPSS 0.0047
Exploits: 0, References: 5
EUVD, added 3 days ago

EUVD-2026-41424

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

CVSS 8.8, AI score 5.8, EPSS 0.00289
Exploits: 0, References: 4
CVE, added 3 days ago

CVE-2026-59092

JuiceFS

CVSS 7.7, AI score 5.9, EPSS 0.00266
Exploits: 0, References: 4
ATTACKERKB, added 3 days ago

CVE-2026-59092

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

CVSS 7.7, AI score 5.9, EPSS 0.00266
Exploits: 0, References: 5
EUVD, added 3 days ago

EUVD-2026-41423

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

CVSS 7.7, AI score 5.9, EPSS 0.00266
Exploits: 0, References: 4
EUVD, added 3 days ago

EUVD-2025-210409

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into a text element of the generated SVG document without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

CVSS 6.1, AI score 5.7, EPSS 0.00221
Exploits: 0, References: 4
NVD, added 3 days ago

CVE-2026-55113

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints...

CVSS 7.5, EPSS 0.00238
Exploits: 0, References: 1
NVD, added 3 days ago

CVE-2026-54407

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...

CVSS 8.6, EPSS 0.00306
Exploits: 0, References: 1
EUVD, added 3 days ago

EUVD-2026-41394

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints...

CVSS 7.5, AI score 5.8, EPSS 0.00238
Exploits: 0, References: 1
ATTACKERKB, added 3 days ago

CVE-2026-55113

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints...

CVSS 7.5, AI score 5.8, EPSS 0.00238
Exploits: 0, References: 2
EUVD, added 3 days ago

EUVD-2026-41379

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...

CVSS 8.6, AI score 5.8, EPSS 0.00306
Exploits: 0, References: 1
Cvelist, added 3 days ago

CVE-2026-54407

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...

CVSS 8.6, EPSS 0.00306
Exploits: 0, References: 1
NVD, added 3 days ago

CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

CVSS 7.5, EPSS 0.00386
Exploits: 0, References: 3
Cvelist, added 3 days ago

CVE-2026-11946 GetEndpoints Memory Exhaustion in open62541

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

CVSS 7.5, EPSS 0.00386
Exploits: 0, References: 3
Nuclei, added 3 days ago

OpenMetadata - Authentication Bypass

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

CVSS 9.8, AI score 7.6, EPSS 0.73255
Exploits: 5, References: 5
ATTACKERKB, added 3 days ago

CVE-2026-8147

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying trac...

CVSS 8.1, AI score 7.3, EPSS 0.00337
Exploits: 0, References: 3
CVE, added 3 days ago

CVE-2026-8147

CVE-2026-8147 – MLflow trace API authorization bypass: In MLflow versions prior to 3.14.0 running with authentication enabled, the trace API endpoints lack proper authorization validators because the _before_request handler does not register validators for trace endpoints. This allows any authen...

CVSS 8.1, AI score 7.3, EPSS 0.00337
Exploits: 0, References: 2
Cvelist, added 3 days ago

CVE-2026-8147 Authorization Bypass in mlflow/mlflow

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying trac...

CVSS 8.1, EPSS 0.00337
Exploits: 0, References: 2