
34 matches found

EUVD
added 4 days ago · 5 views

EUVD-2026-40146

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the...

CVSS 9.3 · AI score 5.8 · EPSS 0.00374
Exploits 0 · References 1
CVE
added 4 days ago · 7 views

CVE-2026-11720

The CVE-2026-11720 entry describes a path traversal flaw in the HTTP tool URL builder of googleapis/mcp-toolbox. User-controlled pathParams are substituted into a configured tool path and then parsed as a relative URL; while scheme/host/user info are checked, final resolution uses ResolveReferenc...

CVSS 9.3 · AI score 5.8 · EPSS 0.00374
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2026/06/05 12:00 a.m. · 13 views

PT-2026-46988

Name of the Vulnerable Software and Affected Versions: Omni, affected versions not specified. Description: An authenticated Operator can perform a same-host path traversal by exploiting the managementServer.CreateSchematic function in internal/backend/grpc/schematics.go. The issue occurs because the...

CVSS 2.7 · AI score 5.9 · EPSS 0.00043
Exploits 0 · References 6
RedhatCVE
added 2026/05/11 8:26 p.m. · 11 views

CVE-2026-42333

Quarkus OpenAPI Generator is the Quarkus extension for generating REST clients and server stubs. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

CVSS 6.3 · AI score 5.7 · EPSS 0.004
Exploits 0 · References 1
ATTACKERKB
added 2026/05/09 7:16 p.m. · 11 views

CVE-2026-42333

Quarkus OpenAPI Generator is the Quarkus extension for generating REST clients and server stubs. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

CVSS 6.3 · AI score 5.7 · EPSS 0.004
Exploits 0 · References 6 · Affected Software 1
Github Security Blog
added 2026/04/16 8:41 p.m. · 5 views

Weblate: Improper access control for the translation memory in API

Impact: The translation memory API exposed unintended endpoints, which in turn didn't do proper access control. Patches: https://github.com/WeblateOrg/weblate/pull/18513. Workarounds: Blocking access to /api/memory/ in the HTTP server removes access to this feature. References: This issue was reported...

CVSS 4.3 · AI score 5.8 · EPSS 0.00236
Exploits 0 · References 5 · Affected Software 1
OSV
added 2026/04/16 8:41 p.m. · 4 views

GHSA-MPF5-3VPH-Q75R Weblate: Improper access control for the translation memory in API

Impact: The translation memory API exposed unintended endpoints, which in turn didn't do proper access control. Patches: https://github.com/WeblateOrg/weblate/pull/18513. Workarounds: Blocking access to /api/memory/ in the HTTP server removes access to this feature. References: This issue was reported...

CVSS 4.3 · AI score 5.8 · EPSS 0.00236
Exploits 0 · References 5
OSV
added 2025/12/15 7:37 p.m. · 3 views

GO-2025-4200 Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials in github.com/mattermost/mattermost-server

Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials in github.com/mattermost/mattermost-server...

CVSS 9.8 · AI score 7.1 · EPSS 0.01175
Exploits 0 · References 3
OSV
added 2025/10/22 5:15 p.m. · 5 views

CVE-2025-22172

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read external reports without the required permission...

CVSS 4.3 · AI score 5.7 · EPSS 0.00188
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2024-2601

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.3 · EPSS 0.00244
Exploits 0 · References 4
EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2023-3183

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00369
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 10:29 a.m. · 7 views

CVE-2024-43377

Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2...

CVSS 5.4 · AI score 6.5 · EPSS 0.00244
Exploits 0
RedhatCVE
added 2025/05/23 4:25 a.m. · 21 views

CVE-2023-49273

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue...

CVSS 5.4 · AI score 6.8 · EPSS 0.00369
Exploits 0
Github Security Blog
added 2024/08/20 6:32 p.m. · 24 views

Umbraco CMS Improper Access Control vulnerability

Impact: As an authenticated user one can access a few unintended endpoints. Explanation of the vulnerability: A few endpoints in the Umbraco Management API were not protected by a specific section. These just required you to be authenticated. Due to the fact that a member is also just authenticated, it was...

CVSS 5.4 · AI score 4.7 · EPSS 0.00244
Exploits 0 · References 4 · Affected Software 1
Snyk
added 2024/08/20 6:32 p.m. · 2 views

Improper Access Control

Overview: Affected versions of this package are vulnerable to Improper Access Control due to missing authorization requirements. An authenticated attacker can access unintended endpoints by exploiting the vulnerability. Remediation: Upgrade Umbraco.Cms.Api.Management to version 14.1.2 or higher...

CVSS 5.4 · AI score 6.8 · EPSS 0.00244
Exploits 0 · References 2
OSV
added 2024/08/20 6:32 p.m. · 12 views

GHSA-HRWW-X3FQ-XCVH Umbraco CMS Improper Access Control vulnerability

Impact: As an authenticated user one can access a few unintended endpoints. Explanation of the vulnerability: A few endpoints in the Umbraco Management API were not protected by a specific section. These just required you to be authenticated. Due to the fact that a member is also just authenticated, it was...

CVSS 6.3 · AI score 4.7 · EPSS 0.00244
Exploits 0 · References 4
Positive Technologies
added 2024/08/20 12:00 a.m. · 7 views

PT-2024-30539 · Umbraco · Umbraco Cms

Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 14.1.2 Description: The issue allows an authenticated user to access a few unintended endpoints. This is because a few endpoints in the Umbraco Management API were not properly protected, requiring only...

CVSS 6.3 · AI score 6.8 · EPSS 0.00244
Exploits 0 · References 10
CNNVD
added 2024/08/20 12:00 a.m. · 5 views

Umbraco security vulnerability

Umbraco is an open source content management system (CMS) written in C# by Umbraco of Denmark. A security vulnerability exists in Umbraco versions prior to 14.1.2 that stems from an authenticated user having access to some unintended endpoints...

CVSS 5.4 · AI score 6.2 · EPSS 0.00244
Exploits 0 · References 3
OSV
added 2024/08/05 5:15 a.m. · 6 views

CVE-2024-41889

Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker...

CVSS 9.8 · AI score 7.4 · EPSS 0.0064
Exploits 0 · References 3
NVD
added 2024/08/05 5:15 a.m. · 36 views

CVE-2024-41889

Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker...

CVSS 9.8 · EPSS 0.0064
Exploits 0 · References 3