Lucene search
K

289 matches found

RedhatCVE
RedhatCVE
added 2026/02/11 7:30 a.m.9 views

CVE-2026-0490

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on th...

7.5CVSS5.5AI score0.00355EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/02/10 12:0 a.m.145 views

📄 Oracle Access Manager 12.2.1.4.0 Insecure Deserialization

Proof of concept exploit for an unauthenticated Java deserialization vulnerability in the OpenSSO Agent component of Oracle Access Manager that allows remote attackers to execute arbitrary commands without authentication. The vulnerability exists in the session handling mechanism of the OpenSSO...

9.8CVSS6.1AI score0.96284EPSS
Exploits5
EUVD
EUVD
added 2026/01/28 3:20 p.m.7 views

EUVD-2025-206333

Next.js has Unbounded Memory Consumption via PPR Resume Endpoint...

5.9CVSS5.9AI score0.00444EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/26 10:49 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Partial Prerendering resume endpoint when unauthenticated POST requests with the Next-Resume: 1 header are processed and attacker-controlled postpon...

8.2CVSS6AI score0.00444EPSS
Exploits0References2
OSV
OSV
added 2026/01/16 9:15 p.m.10 views

GHSA-232V-J27C-5PP6 REC in MCPJam inspector due to HTTP Endpoint exposes

Summary MCPJam inspector is the local-first development platform for MCP servers. The Latest version Versions 1.4.2 and earlier are vulnerable to remote code execution RCE vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leadi...

9.8CVSS8.1AI score0.43671EPSS
Exploits35References4
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.5 views

CVE-2026-22604

OpenProject is an open-source, web-based project management software. For OpenProject versions from 11.2.1 to before 16.6.2, when sending a POST request to the /account/changepassword endpoint with an arbitrary User ID as the passwordchangeuserid parameter, the resulting error page would show the...

6.9CVSS6.8AI score0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/10 1:7 a.m.27 views

CVE-2026-22604 OpenProject is vulnerable to user enumeration via the change password function

OpenProject is an open-source, web-based project management software. For OpenProject versions from 11.2.1 to before 16.6.2, when sending a POST request to the /account/changepassword endpoint with an arbitrary User ID as the passwordchangeuserid parameter, the resulting error page would show the...

6.9CVSS0.00254EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.14 views

CVE-2023-25717

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?loginusername=admin=password$curl substring...

9.8CVSS7.9AI score0.95326EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.11 views

CVE-2021-22984

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM...

6.1CVSS6.9AI score0.00632EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.11 views

CVE-2024-41922

A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

7.5CVSS6.7AI score0.08072EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:33 a.m.9 views

CVE-2024-39760

Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...

10CVSS8.1AI score0.17378EPSS
Exploits1References1
OSV
OSV
added 2026/01/08 9:28 p.m.6 views

GHSA-3GHG-3787-W2XR Spree API has Unauthenticated IDOR - Guest Address

Summary An Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without supplying valid credentials or session cookies. Details During testing, it was observed that all guest users can make a...

7.5CVSS6.8AI score0.00383EPSS
Exploits1References8
OSV
OSV
added 2025/12/30 11:15 p.m.7 views

CVE-2022-50789

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the...

7.8CVSS6AI score0.03744EPSS
Exploits2References5
CVE
CVE
added 2025/12/22 9:35 p.m.15 views

CVE-2023-53974

Affected software: D-Link DSL-124 ME, firmware 1.00. A configuration file disclosure vulnerability allows unauthenticated attackers to download a full backup containing network credentials and configurations via a crafted POST to the router’s configuration endpoint. Root cause: endpoint misconfig...

8.8CVSS6.5AI score0.00448EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/22 9:35 p.m.35 views

CVE-2023-53974 D-Link DSL-124 ME_1.00 Backup Configuration File Disclosure via Unauthenticated Request

D-Link DSL-124 ME1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing...

8.8CVSS0.00448EPSS
Exploits1References4
Snyk
Snyk
added 2025/12/18 3:45 p.m.4 views

Missing Authentication for Critical Function

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/config endpoint. An attacker can access sensitive system configuration data by sending unauthenticated GET requests to this endpoint. Remediation Ther...

8.7CVSS5.6AI score0.00548EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.3 views

CVE-2025-63387

Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or session tokens. The endpoint fails to implement proper authorization checks, allowing anonymous...

5.5AI score0.28042EPSS
Exploits0References6
NVD
NVD
added 2025/12/12 9:15 p.m.10 views

CVE-2025-14611

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

9.8CVSS0.50949EPSS
Exploits3References2
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

STVS ProVision 跨站请求伪造漏洞

STVS ProVision is an advanced video management system from STVS, Inc. A cross-site request forgery vulnerability exists in STVS ProVision version 5.9.10, which stems from an unauthenticated HTTP request with a cross-site request forgery issue that could lead to the creation of an administrator us...

8.8CVSS6.7AI score0.0017EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.5 views

RockyLinux 8 : idm:DL1 (RLSA-2025:21140)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21140 advisory. python-kdcproxy: Unauthenticated SSRF via Realm?Controlled DNS SRV CVE-2025-59088 python-kdcproxy: Remote DoS via unbounded TCP upstream buffering...

8.6CVSS5.6AI score0.00511EPSS
Exploits0References5
Rows per page
Query Builder