Lucene search
+L

12 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-57219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client...

8.7CVSS6.2AI score0.00359EPSS
Exploits0References2
OSV
OSV
added last week2 views

UBUNTU-CVE-2026-57219

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client secret on RabbitMQ installations configured with management.oauthclientsecret, exposing credentials to unauthenticated callers when the...

8.7CVSS6.1AI score0.00359EPSS
Exploits0References8
OSV
OSV
added last week4 views

CVE-2026-57219 RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client secret on RabbitMQ installations configured with management.oauthclientsecret, exposing credentials to unauthenticated callers when the...

8.7CVSS6.1AI score0.00359EPSS
Exploits0References8
Cvelist
Cvelist
added last week35 views

CVE-2026-57219 RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client secret on RabbitMQ installations configured with management.oauthclientsecret, exposing credentials to unauthenticated callers when the...

8.7CVSS0.00359EPSS
Exploits0References6
CVE
CVE
added last week97 views

CVE-2026-57219

RabbitMQ suffers an unauthenticated disclosure vulnerability in the management API: the obsolete GET /api/auth endpoint can reveal the OAuth 2 client secret on installations configured with management.oauth_client_secret prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. The issue arises when ...

8.7CVSS6.1AI score0.00359EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5710 Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus

Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus...

7.5CVSS5.9AI score0.00326EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.10 views

CVE-2026-44653

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

6.5CVSS5.4AI score0.00276EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.20 views

PT-2026-45882

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4 Description Users with only VIEW access to an MCP server can retrieve decrypted admin-managed secrets. This occurs through the endpoints "/api/mcp/servers" and "/api/mcp/servers/:serverName", where the returne...

6.5CVSS5.8AI score0.00276EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0426

Malware in sbrugna...

7.5CVSS7.4AI score0.02016EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-34373

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00619EPSS
Exploits2References2
OSV
OSV
added 2022/09/05 1:15 p.m.5 views

CVE-2022-2083

The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth clientsecret, which could be used by attackers to gain unauthorized access to the site...

7.5CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/09/05 1:15 p.m.2 views

CVE-2022-2083

The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth clientsecret, which could be used by attackers to gain unauthorized access to the site...

7.5CVSS5.9AI score0.00619EPSS
Exploits2References3
Rows per page
Query Builder