7 matches found

NVD
added 2026/03/31 10:16 p.m., 4 views

CVE-2026-34453

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...

CVSS 7.5 | EPSS 0.01227
Exploits: 1 | References: 3

Positive Technologies
added 2026/03/31 12:00 a.m., 6 views

PT-2026-29381

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.6.2. Description: The publish service in SiYuan allows unauthenticated visitors to access bookmarked blocks from password-protected documents. This occurs because the /api/bookmark/getBookmark endpoint, when operating ...

CVSS 7.5 | AI score 5.9 | EPSS 0.01227
Exploits: 1 | References: 10

Github Security Blog
added 2026/03/30 6:03 p.m., 15 views

AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

Summary: The getapivideofile and getapivideo API endpoints in AVideo return full video playback sources (direct MP4 URLs, HLS manifests) for password-protected videos without verifying the video password. While the normal web playback flow enforces password checks via the CustomizeUser::getModeYouTu...

CVSS 5.3 | AI score 6 | EPSS 0.00376
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/09/11 5:06 p.m., 6 views

CVE-2025-58060 cups has Authentication bypass with AuthType Negotiate

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...

CVSS 8 | AI score 6.9 | EPSS 0.00964
Exploits: 1 | References: 6

OSV
added 2019/10/29 12:15 p.m., 4 views

USN-4167-1 samba vulnerabilities

Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. (CVE-2019-10218) Simon...

CVSS 6.5 | AI score 6.3 | EPSS 0.03515
Exploits: 1 | References: 4

CNVD
added 2019/06/25 12:00 a.m., 1 view

Hikvision camera has a logic flaw vulnerability

Hikvision is a video-centric IoT solution provider, offering integrated security, smart business and big data services. A logic flaw vulnerability exists in Hikvision cameras, which can be exploited by an attacker to access the API without entering a password check...

AI score 7
Exploits: 0

OSV
added 2007/03/13 7:19 p.m., 4 views

DEBIAN-CVE-2007-1436

Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevent a password check from occurring...

CVSS 7.5 | AI score 7 | EPSS 0.01823
Exploits: 0 | References: 1