Lucene search
K

2324 matches found

Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-59712 Leantime - Credential Disclosure via Unauthenticated JSON-RPC users.getUser Method

Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to...

8.6CVSS6AI score0.0025EPSS
Exploits0References4
NVD
NVD
added 2 days ago4 views

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

9.1CVSS0.00406EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-55524

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions 1.26.0 and later Description The backend /services/request-service RPC accepts a URL controlled by an attacker from any client connected to the standard /services messaging endpoint. The server performs the HTTP request...

8.5CVSS6.1AI score0.00297EPSS
Exploits0References7
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41422

LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by message id alone, omitting the userId scope that sibli...

6CVSS5.8AI score0.00154EPSS
Exploits0References2
CVE
CVE
added 6 days ago13 views

CVE-2026-58580

LobeChat up to version 2.2.9 is affected by broken object-level authorization in MessageModel. An authenticated user who knows another user’s non-enumerable message identifier can overwrite that victim’s plugin tool‑call metadata, plugin state/error, and TTS/translation records via tRPC message p...

6CVSS5.8AI score0.00154EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.22 views

CVE-2026-56300 Capgo - Unauthenticated API Key Validity and Permission Oracle via RPC Functions

Capgo before 12.128.2 contains unauthenticated security definer RPC functions getuserid and getorgpermforapikey that expose API key validity oracles and user UUID disclosure. Unauthenticated attackers using the public API key can validate leaked keys, enumerate users and apps, and determine...

8.7CVSS0.00349EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 7:16 p.m.10 views

CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS0.0012EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 7:16 p.m.5 views

UBUNTU-CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS5.8AI score0.0012EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 6:44 p.m.7 views

EUVD-2026-40173

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS5.8AI score0.0012EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 6:44 p.m.7 views

CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS5.8AI score0.0012EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpcinputsoftacks and a potential incorrect access o...

9.8CVSS6.2AI score0.00497EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:37 p.m.3 views

Security Bulletin: IBM Terracotta is affected by a Micrometer vulnerability that could allow Denial of Service (Dos) attacks

Summary IBM Terracotta uses Micrometer, a popular Java library used in Spring applications, for application monitoring within the product. Vulnerability Details CVEID:CVE-2026-40983 DESCRIPTION: In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a...

7.5CVSS5.8AI score0.00573EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:52 p.m.5 views

CVE-2026-47207

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an extproc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the...

6.5CVSS5.7AI score0.00444EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/26 5:52 p.m.8 views

EUVD-2026-39826

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an extproc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the...

6.5CVSS5.7AI score0.00444EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 11:16 a.m.9 views

CVE-2026-13325

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 11:16 a.m.3 views

UBUNTU-CVE-2026-57918

libnfs through 6.0.2 before 935b8db has an xid integer underflow in READIOVEC in rpcreadfromsocket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker...

7.1CVSS5.8AI score0.00195EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 1:11 a.m.9 views

EUVD-2026-39600

A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 1:11 a.m.37 views

CVE-2026-50741

Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

8.8CVSS0.02734EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52651

Name of the Vulnerable Software and Affected Versions Revive Adserver version 6.0.7 Description An authentication bypass exists in the XML-RPC API. The ox.login method returns a session ID cookie in the HTTP headers even when the method returns an error. Because the associated session is not...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5667 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns

CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References3
Rows per page
Query Builder