Lucene search
K

1100 matches found

Snyk
Snyk
added 2026/06/16 8:13 p.m.6 views

Use of Hard-coded Credentials

Overview Crawl4AI is a 🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & scraper Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the outputpath parameter, which allows arbitrary filesystem paths without validation. An attacker can overwrite or create files ...

9.8CVSS6.1AI score0.00521EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 5:34 p.m.13 views

EUVD-2026-36073

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeU...

4.3CVSS5.4AI score0.00227EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35885

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS5.5AI score0.00223EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 7:35 a.m.38 views

CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.13 views

CVE-2026-41057

WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit 986e64aad is incomplete. Two separate code paths still reflect arbitrary Origin headers with credentials allowed for all /api/ endpoints: 1 plugin/API/router.php lines 4-8...

7.1CVSS5.6AI score0.00132EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-24177

NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure...

7.7CVSS5.4AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-4858

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth token using via path traversal in integration action...

9.9CVSS5.5AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44830

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS5.5AI score0.00215EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/06/05 7:50 a.m.8 views

Revive Adserver: XML‑RPC login leak exposes valid session ID enabling unauthorized API access

Vulnerability description not provided...

4.3CVSS5.8AI score0.00173EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:50 p.m.8 views

CVE-2026-40605

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/03 12:3 a.m.19 views

CVE-2026-45155

A flaw was found in Nextcloud Server. A missing access check at the API Application Programming Interface level could allow an authenticated attacker, who has access to a circle ID from another source, to add unknown circles to other circles. This could lead to the disclosure of circle membership...

2.6CVSS5.6AI score0.002EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 8:31 p.m.13 views

CVE-2026-49443 authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

8.8CVSS5.7AI score0.00298EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/29 7:32 p.m.143 views

Exploit for Improper Privilege Management in Apache Couchdb

Lab7-CVE-2017-12635-12636 I. SYSTEM ANALYSIS Ide...

10CVSS7.8AI score0.99838EPSS
Exploits21
Cvelist
Cvelist
added 2026/05/28 9:30 p.m.41 views

CVE-2026-45023 AutoGPT: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...

5.4CVSS0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Mantis Bug Tracker 安全漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.2 contained a security vulnerability. This vulnerability stemmed from a lack of authorization checks in the file visibility function, allowing authenticated user...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/27 2:51 a.m.10 views

CVE-2026-2255 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:51 a.m.32 views

CVE-2026-2255 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...

4.3CVSS0.00165EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/22 7:7 p.m.116 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Strapi

CVE-2026-27886 Vulnerability Assessment Tool Safely detect wh...

9.2CVSS5.8AI score0.00612EPSS
Exploits5
CVE
CVE
added 2026/05/20 4:6 p.m.90 views

CVE-2026-20223

Cisco Secure Workload is affected by a vulnerability in the access validation of internal REST APIs that could allow an unauthenticated, remote attacker to access site resources with Site Admin privileges. The issue arises from insufficient validation/authentication when accessing REST API endpoi...

10CVSS5.8AI score0.00835EPSS
Exploits1References1Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Zabbix

A low-privilege regular Zabbix user with API access can exploit the SQL injection vulnerability in the include/classes/api/CApiService.php file to execute arbitrary SQL commands using the groupBy parameter...

8.8CVSS8AI score0.2926EPSS
Exploits0References2
Rows per page
Query Builder