Lucene search
+L

2299 matches found

SUSE CVE
SUSE CVE
added yesterday5 views

SUSE CVE-2024-10006

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...

5.8CVSS7.1AI score0.00473EPSS
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-62230

Grav

8.7CVSS6.1AI score0.00282EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60783

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS5.4AI score
Exploits0References6
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-49353 9Router: Local-Only Access Gate Bypass in 9router via Host Header SpoofING

9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest to protect /api/mcp/, /api/tunnel/, and /api/cli-tools/, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP...

7.5CVSS0.00357EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-56352 n8n - Arbitrary File Read and Execution via ExecuteWorkflow localFile Parameter

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS0.00248EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-61952

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...

4.9CVSS0.00193EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:46 p.m.8 views

CVE-2026-15079

The CVE-2026-15079 entry concerns the Drupal Login Disable module, affected on versions 0.0.0 through 2.1.4. The underlying issue is an improper restriction of excessive authentication attempts, which can enable brute-force login attempts to bypass protection. The attack surface is the Drupal log...

5.4CVSS6.1AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:46 p.m.19 views

CVE-2026-58590

FlowDrop for Drupal is affected by a Missing Authorization vulnerability that enables forceful browsing. Publicly reported details cover FlowDrop versions 0.0.0 through 1.6.0 as vulnerable. The root cause is insufficient access checks, allowing unauthorized navigation to access resources. The iss...

5.4CVSS6.1AI score0.0023EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/10 9:46 p.m.32 views

CVE-2026-58589 FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-067

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:46 p.m.19 views

CVE-2026-58589

CVE-2026-58589 describes a Missing Authorization vulnerability in Drupal FlowDrop (FlowDrop versions 0.0.0 to 1.6.0) allowing forceful browsing to access endpoints without proper permissions. The issue affects the FlowDrop module used for AI-driven workflows via a chat interface, where endpoints ...

5.4CVSS6.1AI score0.0023EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/10 9:44 p.m.10 views

CVE-2026-13241

Summary: CVE-2026-13241 describes a Missing Authorization vulnerability in Drupal Paragraphs (affecting Paragraphs 0.0.0 – 1.21.0) compounded by the Paragraphs Library module. The issue allows forceful browsing because access to direct child paragraphs of library items via API endpoints is not su...

6.5CVSS6.1AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 9:44 p.m.32 views

CVE-2026-13241 Paragraphs - Moderately critical - Access bypass - SA-CONTRIB-2026-061

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...

0.00159EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:44 p.m.9 views

CVE-2026-13239

Summary: CVE-2026-13239 describes a Missing Authorization vulnerability in WissKI, enabling forceful browsing via the wisski mirador submodule. Affected software: WissKI versions 0.0.0 through 4.2.0. Root cause (per documents): insufficient access checks when parameters are submitted through a ro...

6.5CVSS6.1AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 9:44 p.m.34 views

CVE-2026-13239 WissKI - Critical - Access bypass - SA-CONTRIB-2026-059

Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...

0.00159EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:44 p.m.15 views

CVE-2026-13238

CVE-2026-13238 describes an incorrect authorization flaw in Drupal Commerce Realex / Global Payments. The issue permits forceful browsing when the gateway is configured with the redirect payment method, due to insufficient verification of the payment response from Global Payments. Affected versio...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 9:44 p.m.34 views

CVE-2026-13238 Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 9:44 p.m.34 views

CVE-2026-13237 AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

0.00168EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:44 p.m.12 views

CVE-2026-13237

CVE-2026-13237 affects Drupal AI Agents (versions 0.0.0–1.1.4, 1.2.0–1.2.5, 1.3.0–1.3.1). Root cause: Incorrect Authorization allowing Forceful Browsing, potentially enabling information disclosure and minor integrity concerns. The issue is documented across multiple sources (Drual SA-CONTRIB-202...

4.8CVSS6.1AI score0.00168EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/10 9:44 p.m.13 views

CVE-2026-13236

The CVE CVE-2026-13236 concerns a Missing Authorization issue in Drupal AI Agents that enables forceful browsing. Technical details across connected sources show that the vulnerability resides in the Drupal AI Agents module, where the tool-loading path does not sufficiently verify permissions on ...

4.2CVSS6.1AI score0.00145EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/10 9:44 p.m.6 views

CVE-2026-13235 AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

3.3CVSS6.1AI score0.00161EPSS
Exploits0References5
Rows per page
Query Builder