Lucene search
K

125 matches found

OSV
OSV
added 2026/02/18 5:21 p.m.2 views

CVE-2025-70146

Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations e.g.,adding records, deleting records via direct HTTP requests to affected endpoints without a...

9.1CVSS5.9AI score0.00452EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.7 views

PT-2026-7851

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.5AI score0.00266EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/11 10:18 p.m.27 views

CVE-2026-26215 manga-image-translator Shared API Unsafe Deserialization RCE

manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simpleexecute/method and /execute/method deserialize attacker-controlled request bodies using...

9.3CVSS0.00923EPSS
Exploits1References6
OSV
OSV
added 2026/02/11 10:18 p.m.6 views

CVE-2026-26215 manga-image-translator Shared API Unsafe Deserialization RCE

manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simpleexecute/method and /execute/method deserialize attacker-controlled request bodies using...

9.3CVSS6.5AI score0.00923EPSS
Exploits1References9
GithubExploit
GithubExploit
added 2026/02/07 11:31 p.m.287 views

Exploit for CVE-2026-0770

CVE-2026-0770 - Langflow Remote Code Execution Summary La...

9.8CVSS8.7AI score0.33827EPSS
Exploits8
CVE
CVE
added 2026/01/29 6:7 p.m.12 views

CVE-2025-15548

CVE-2025-15548 affects TP-Link VX800v v1.0, where the web interface endpoints transmit sensitive data over unencrypted HTTP due to missing application-layer encryption. This permits a network-adjacent attacker to intercept traffic and compromise confidentiality. Affected product/version: VX800v v...

6.5CVSS5.9AI score0.00068EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/13 4:15 p.m.5 views

CVE-2025-66698

An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints...

8.6CVSS5.8AI score0.00428EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/12/19 3:31 p.m.8 views

pretix has Broken Access Control Allowing Cross-User File Access via UUID

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS6.8AI score0.00226EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/11/18 6:32 p.m.8 views

EUVD-2025-198047

Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

5.3CVSS6AI score0.00178EPSS
Exploits0References2
CVE
CVE
added 2025/11/12 7:11 p.m.12 views

CVE-2025-27368

CVE-2025-27368 affects IBM OpenPages 9.0 and 9.1, where insufficient access control on certain OpenPages REST endpoints allows an authenticated user to view system metadata beyond their authorization. The issue stems from weaker than expected REST endpoint security, enabling information disclosur...

4.3CVSS5.5AI score0.00209EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/28 2:34 p.m.3 views

CVE-2025-34305 IPFire < v2.29 Stored XSS via Multiple Methods in cleanhtml()

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

5.1CVSS5.5AI score0.00453EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.5 views

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from mobile and web service authentication endpoints that do not...

7.5CVSS6.7AI score0.00385EPSS
Exploits0References2
CVE
CVE
added 2025/10/21 12:0 a.m.15 views

CVE-2025-60427

LibreTime 3.0.0-alpha.10 (and possibly earlier) is affected by Broken Access Control. A user with the DJ role can access analytics data via the Web UI and direct API calls because the backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of statio...

6.5CVSS5.9AI score0.00378EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/10/12 7:35 a.m.132 views

XSS-Payloads-to-Bypass-WAFs

PoC exploit for XSS payloads to bypass WAFs, specifically target...

6.5AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-7846

Malware in sbrugna...

6.1CVSS6.3AI score0.01058EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/17 7:21 p.m.2 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

9.1CVSS6.8AI score0.00361EPSS
Exploits0References2
Gitee
Gitee
added 2025/09/06 11:51 a.m.135 views

Scanners-Box

This is a collection of open-source scanners from the GitHub platform, including subdomain enumeration, database vulnerability scanners, weak password or information leak scanners, port scanners, fingerprint scanners, and other large-scale scanners. The collection is maintained by We5ter and...

7.8AI score
Exploits0
Cvelist
Cvelist
added 2025/09/03 3:2 p.m.23 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

0.00258EPSS
Exploits0References1
NVD
NVD
added 2025/08/14 2:15 p.m.21 views

CVE-2024-53945

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds...

8.8CVSS0.19045EPSS
Exploits0References3
OSV
OSV
added 2025/07/22 12:0 a.m.5 views

CVE-2025-51458

SQL Injection in editorsqlrun and queryex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/chart/run endpoints, interacting with apieditorv1.editorsqlrun, editorchartrun, and...

6.5CVSS8.5AI score0.00325EPSS
Exploits2References4
Rows per page
Query Builder