Lucene search
K

8 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-62327

9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit th...

9.3CVSS0.00371EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/17 1:51 p.m.19 views

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence AI provider keys. "Every plugin poses as an AI coding assistant built on DeepSeek and other lar...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.6 views

CVE-2026-39943

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 10:15 a.m.9 views

CVE-2025-13781

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...

6.5CVSS0.00406EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/09 10:3 a.m.26 views

CVE-2025-13781 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...

6.5CVSS0.00406EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30981

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00177EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/09/24 3:49 p.m.7 views

CVE-2025-10360

In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled t...

6.9CVSS5.5AI score0.00177EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.6 views

PT-2025-39287

Name of the Vulnerable Software and Affected Versions Puppet Enterprise versions 2025.4.0 through 2025.5 Description The encryption key for the Infra Assistant database was not excluded from Puppet backups in Puppet Enterprise. This key is only present if a Puppet Enterprise Advanced license is...

6.9CVSS6.6AI score0.00177EPSS
Exploits0References5
Rows per page
Query Builder