Lucene search
+L

11 matches found

osv
osv
added 2026/04/01 9:17 p.m.2 views

DEBIAN-CVE-2026-34531

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...

8.2CVSS5.6AI score0.00324EPSS
Exploits0References1
nvd
nvd
added 2026/04/01 9:17 p.m.7 views

CVE-2026-34531

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...

8.2CVSS0.00324EPSS
Exploits0References4
cve
cve
added 2026/04/01 8:44 p.m.29 views

CVE-2026-34531

CVE-2026-34531 affects Flask-HTTPAuth (Python package) and concerns the token verification callback receiving an empty string when a request targets a token-protected resource without a token or with an empty token. This could allow authentication against any user whose token is an empty string. ...

8.2CVSS5.8AI score0.00324EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/03/27 7:19 p.m.25 views

CVE-2026-34391 Fleet Vulnerable to Windows MDM cross-device command disclosure

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...

8.7CVSS0.00161EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/07 7:59 a.m.5 views

CVE-2026-25877

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the projectid parameter when handling chart-related operations update, delete, etc...

6.5CVSS5.8AI score0.00286EPSS
Exploits1References1
nvd
nvd
added 2026/03/06 5:16 a.m.7 views

CVE-2026-25887

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1...

7.2CVSS0.00839EPSS
Exploits1References2
nvd
nvd
added 2025/11/18 11:15 p.m.34 views

CVE-2025-64325

Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...

9CVSS0.00377EPSS
Exploits1References1
osv
osv
added 2025/11/18 10:32 p.m.8 views

CVE-2025-64325 Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard

Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...

8.4CVSS5.8AI score0.00377EPSS
Exploits1References3
cve
cve
added 2025/09/11 5:55 p.m.125 views

CVE-2025-58065

CVE-2025-58065 (Flask-AppBuilder) : Prior to v4.8.1, when using non-database authentication (OAuth/LDAP, etc.), the password reset endpoint remains registered and accessible even if not shown in the UI. This can let an enabled user reset their password and obtain JWTs, potentially bypassing deact...

6.5CVSS6.8AI score0.00376EPSS
Exploits0References4Affected Software1
patchstack
patchstack
added 2024/06/28 7:22 a.m.6 views

WordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Featured Image from URL versions = 4.8.1...

5.3CVSS7AI score0.0035EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2023/05/09 12:0 a.m.4 views

FICO Origination Manager 跨站脚本漏洞

FICO Origination Manager FICO OM is a comprehensive customer origination platform from FICO USA, Inc. designed to enable both large and small organizations to maximize returns and control costs, and provide strong customer engagement. A security vulnerability exists in FICO Origination Manager...

5.4CVSS6.1AI score0.0047EPSS
Exploits2References5
Rows per page
Query Builder