Lucene search
K

814 matches found

EUVD
EUVD
added 2026/03/30 3:32 p.m.2 views

EUVD-2026-17084

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/30 1:17 p.m.2 views

CVE-2026-3321

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.9 views

CVE-2026-34411

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS5.9AI score0.00387EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2026/03/28 9:11 a.m.8 views

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 CVSS score: 9.3, refers to a case of insufficient input validation leading to...

9.8CVSS7.3AI score0.99999EPSS
Exploits41
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.3 views

CVE-2026-32111

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

5.3CVSS6AI score0.00278EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/16 7:10 a.m.260 views

Exploit for Race Condition in Canonical Ubuntu_Linux

500+ Pentest One-Liners & Commands for Every Hacking Scenario...

10CVSS6.9AI score0.99759EPSS
Exploits507
GithubExploit
GithubExploit
added 2026/03/15 9:22 a.m.133 views

web_vuln_scanner

webvulnscanner A cybersecurity...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/12 2:23 p.m.7 views

GHSA-FMFG-9G7C-3VQ7 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

Summary The ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional co...

5.3CVSS6AI score0.00278EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 2:23 p.m.10 views

EUVD-2026-11383

ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/12 2:23 p.m.15 views

ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

Summary The ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional co...

5.3CVSS6AI score0.00278EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/11 9:16 p.m.5 views

CVE-2026-32111

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

5.3CVSS0.00278EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 8:41 p.m.3 views

CVE-2026-32111

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

5.3CVSS6AI score0.00278EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/11 8:41 p.m.28 views

CVE-2026-32111 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

5.3CVSS0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 8:41 p.m.4 views

CVE-2026-32111 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

5.3CVSS6AI score0.00278EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.6 views

Microsoft Graph Enterprise Intelligence Collector

This Metasploit auxiliary module interacts with the Microsoft Graph API to perform enterprise intelligence collection. It supports authentication using Azure AD application credentials or an existing access token and enables enumeration of Azure users, SharePoint sites, OneDrive files, and Exchan...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.5 views

The Unofficial and Awesome Home Assistant MCP Server 代码问题漏洞

The Unofficial and Awesome Home Assistant MCP Server is an open-source component of the Unofficial Home Assistant AI Toolkit. It acts as a server that connects smart home platforms with AI assistants. Versions of the Unofficial and Awesome Home Assistant MCP Server prior to version 7.0.0 had code...

5.3CVSS5.9AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24837

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied ha url and makes a server-side HTTP request to ha url/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

5.3CVSS6AI score0.00278EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/09 5:42 p.m.6 views

EUVD-2026-10171

Parse Server: GraphQL type introspection bypass via inline fragments when public introspection is disabled...

6.9CVSS5.8AI score0.00278EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/03/08 5:34 a.m.438 views

claude-bug-bounty

Claude Bug Bounty Hunter The AI-native bug bounty framework...

6AI score
Exploits0
OSV
OSV
added 2026/03/07 4:24 p.m.9 views

CVE-2026-30854 Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to before version 9.5.0-alpha.10, when graphQLPublicIntrospection is disabled, type queries nested inside inline fragments e.g. ... on Query typename:"User" name bypa...

6.9CVSS5.7AI score0.00278EPSS
Exploits0References3
Rows per page
Query Builder