Lucene search
K

2880 matches found

CVE
CVE
added 2026/03/18 11:17 a.m.8 views

CVE-2026-33265

The vulnerability CVE-2026-33265 affects LibreChat 0.8.1-rc2, where a logged-in user can obtain a JWT for both the LibreChat API and the RAG API. The connected documents confirm the affected product and the exact outcome (JWTs issued to an authenticated user), but they do not provide root cause d...

9CVSS5.8AI score0.00232EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.4 views

PT-2026-26029

The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks under certain server configurations...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References4
Akamai Blog
Akamai Blog
added 2026/03/17 10:0 a.m.6 views

Apps, APIs, and DDoS 2026: The Industrialization of Cyberattack Campaigns

...

5.8AI score
Exploits0
CVE
CVE
added 2026/03/17 7:29 a.m.16 views

CVE-2026-4312

Affected product: DrangSoft GCB/FCB Audit Software. Vulnerability: Missing Authentication, enabling unauthenticated remote attackers to directly access APIs and create a new administrative account. Impact/risks: High impact on confidentiality, integrity, and availability as per CVSS metrics (CRIT...

9.8CVSS5.9AI score0.0045EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/16 4:23 p.m.4 views

GHSA-WVXV-4J8Q-4WJQ Glances exposes the REST API without authentication

Summary Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys, tokens to any network client. Details Root Cause: Authentication is...

8.7CVSS5.8AI score0.0155EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/16 4:23 p.m.5 views

Glances exposes the REST API without authentication

Summary Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys, tokens to any network client. Details Root Cause: Authentication is...

8.7CVSS5.8AI score0.0155EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/14 12:0 a.m.4 views

PT-2026-25844

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.2 Description Glances, a system cross-platform monitoring tool, has an issue where the web server runs without authentication by default when started with glances -w. This exposes a REST API containing sensitive...

8.7CVSS5.9AI score0.0155EPSS
Exploits1References28
Snyk
Snyk
added 2026/03/13 8:55 p.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via insufficient access control in the command handler. An attacker can gain unauthorized access to privileged configuration and debugging interfaces by sending...

8.8CVSS5.9AI score0.00251EPSS
Exploits0References2
OSV
OSV
added 2026/03/13 10:31 a.m.7 views

MAL-2026-1408 Malicious code in nai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a9e4650a322afd07ff77c3f934248e52f477f2d1cebd0c84b1074bdba1142efe Package is a hacking tool that not only abuses 3rd-party services but also silently exfiltrates credentials the user uses to log in there. The provided account...

5.8AI score
Exploits0References1
EUVD
EUVD
added 2026/03/12 6:30 p.m.7 views

EUVD-2026-11633

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs...

6.9CVSS5.8AI score0.00268EPSS
Exploits0References2
NVD
NVD
added 2026/03/12 6:16 p.m.11 views

CVE-2026-28254

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs...

7.5CVSS0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/12 5:29 p.m.5 views

CVE-2026-28254 Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs...

6.9CVSS5.8AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 6:30 p.m.4 views

EUVD-2026-11221

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

6.1CVSS6AI score0.00207EPSS
Exploits0References2
NVD
NVD
added 2026/03/11 5:16 p.m.7 views

CVE-2026-20116

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

6.1CVSS0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 4:31 p.m.26 views

CVE-2026-20116 Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

6.1CVSS0.00207EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/11 4:21 p.m.7 views

SUSE CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.8AI score0.00428EPSS
Exploits1References3
Cisco
Cisco
added 2026/03/11 4:0 p.m.20 views

Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an...

6.1CVSS6AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24600

Name of the Vulnerable Software and Affected Versions Honeywell IQ4x building management controller affected versions not specified Description The Honeywell IQ4x building management controller exposes its full web-based Human Machine Interface HMI without authentication in its factory-default...

10CVSS5.9AI score0.05585EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.6 views

Cisco多款产品 跨站脚本漏洞

Cisco Finesse is a product of the American company Cisco. Cisco Finesse is a call center management software suite. Cisco Unified Contact Center Enterprise is a unified contact center solution. Cisco Packaged Contact Center Enterprise is a customer contact center system. Several Cisco products ha...

6.1CVSS5.6AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 9:31 p.m.8 views

EUVD-2026-10350

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References2
Rows per page
Query Builder