34 matches found
EUVD-2026-40146
A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the...
CVE-2026-11720
The CVE-2026-11720 entry describes a path traversal flaw in the HTTP tool URL builder of googleapis/mcp-toolbox. User-controlled pathParams are substituted into a configured tool path and then parsed as a relative URL; while scheme/host/user info are checked, final resolution uses ResolveReferenc...
PT-2026-46988
Name of the Vulnerable Software and Affected Versions: Omni (affected versions not specified). Description: An authenticated Operator can perform a same-host path traversal by exploiting the managementServer.CreateSchematic function in internal/backend/grpc/schematics.go. The issue occurs because the...
CVE-2026-42333
Quarkus OpenAPI Generator is a Quarkus extension for generating REST clients and server stubs. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...
Weblate: Improper access control for the translation memory in API
Impact: The translation memory API exposed unintended endpoints, which in turn didn't do proper access control. Patches: https://github.com/WeblateOrg/weblate/pull/18513 Workarounds: Blocking access to /api/memory/ in the HTTP server removes access to this feature. References: This issue was reported...
GHSA-MPF5-3VPH-Q75R Weblate: Improper access control for the translation memory in API
Impact: The translation memory API exposed unintended endpoints, which in turn didn't do proper access control. Patches: https://github.com/WeblateOrg/weblate/pull/18513 Workarounds: Blocking access to /api/memory/ in the HTTP server removes access to this feature. References: This issue was reported...
GO-2025-4200 Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials in github.com/mattermost/mattermost-server
Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials in github.com/mattermost/mattermost-server...
CVE-2025-22172
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read external reports without the required permission...
EUVD-2024-2601
Malicious code in bioql PyPI...
EUVD-2023-3183
Malicious code in bioql PyPI...
CVE-2024-43377
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2...
CVE-2023-49273
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue...
Umbraco CMS Improper Access Control vulnerability
Impact: As an authenticated user one can access a few unintended endpoints. Explanation of the vulnerability: A few endpoints in the Umbraco Management API were not protected by a specific section; they only required you to be authenticated. Because a member is also just authenticated, it was...
Improper Access Control
Overview: Affected versions of this package are vulnerable to Improper Access Control due to missing authorization requirements. An authenticated attacker can access unintended endpoints by exploiting the vulnerability. Remediation: Upgrade Umbraco.Cms.Api.Management to version 14.1.2 or higher...
GHSA-HRWW-X3FQ-XCVH Umbraco CMS Improper Access Control vulnerability
Impact: As an authenticated user one can access a few unintended endpoints. Explanation of the vulnerability: A few endpoints in the Umbraco Management API were not protected by a specific section; they only required you to be authenticated. Because a member is also just authenticated, it was...
PT-2024-30539 · Umbraco · Umbraco Cms
Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 14.1.2 Description: The issue allows an authenticated user to access a few unintended endpoints. This is because a few endpoints in the Umbraco Management API were not properly protected, requiring only...
Umbraco security vulnerability
Umbraco is an open source content management system (CMS) written in C# by Umbraco of Denmark. A security vulnerability exists in Umbraco versions prior to 14.1.2 that stems from an authenticated user having access to some unintended endpoints...
CVE-2024-41889
Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker...