Lucene search
K

149 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-59720

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without...

7.5CVSS0.00336EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-59720 Hoppscotch: Insecure Default Configuration Allows Public Exposure of Private Collection Data via Mock Server

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without...

7.5CVSS0.00336EPSS
Exploits0References4
CVE
CVE
added 5 days ago10 views

CVE-2026-59720

Hoppscotch’s Mock API exposes private collection data due to a desync: mock-server.service.ts does not persist the isPublic input, while schema.prisma defaults isPublic to true, making mock servers linked to private collections publicly accessible without authentication. The vulnerability affects...

7.5CVSS5.9AI score0.00336EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-291 Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Summary In backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing...

9.3CVSS6.1AI score0.00324EPSS
Exploits0References6
OSV
OSV
added 2026/06/26 8:34 p.m.5 views

GHSA-F65R-H4G3-3H9H Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Summary In backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing...

9.3CVSS6.1AI score0.00324EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:53 p.m.6 views

CVE-2026-44622

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS5.8AI score0.00248EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 9:16 a.m.11 views

CVE-2026-7542

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions 7.0 to 7.0.10. This is due to three compounding design flaws: 1 the plugin leaks a valid backend AJAX nonce revslideractions to all authenticated users including Subscribers via the adminfoote...

6.5CVSS0.00252EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 7:16 a.m.14 views

CVE-2026-49193

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 6:17 a.m.26 views

CVE-2026-49193

Technical details about CVE-2026-49193 are not publicly available in the provided documents; monitor for updates from official sources.

8.7CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 6:17 a.m.7 views

CVE-2026-49193

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46151

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 12:9 p.m.17 views

CVE-2026-9508 Incorrect Permission Assignment for Critical Resource vulnerability in Suprema's BioStar

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10CVSS5.8AI score0.00341EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 12:9 p.m.9 views

CVE-2026-9508

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10CVSS5.8AI score0.00341EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/04 1:16 p.m.7 views

CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS0.01001EPSS
Exploits3References3
EUVD
EUVD
added 2026/05/04 12:38 p.m.10 views

EUVD-2026-26949

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS5.8AI score0.01001EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2026/04/15 7:15 p.m.6 views

CVE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

9.1CVSS5.8AI score0.00406EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/15 6:31 p.m.4 views

EUVD-2026-22941

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...

8.6CVSS6.5AI score0.00472EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 1:24 a.m.2 views

CVE-2026-4057 Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...

4.3CVSS5.8AI score0.00373EPSS
Exploits0References7
OSV
OSV
added 2026/04/09 5:0 p.m.2 views

CVE-2026-5970 FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

6.9CVSS6.7AI score0.00387EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/04/06 10:54 p.m.8 views

PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacket

Impact Attackers can put large and/or complex structures as a value to an unknown property in the clientData JWT body in the Minecraft LoginPacket, causing the server to generate very long log messages. Additionally, the property name is logged without any length limitations or sanitization, whic...

5.9AI score
Exploits0References5Affected Software1
Rows per page
Query Builder