Lucene search
K

151 matches found

Cvelist
Cvelist
added yesterday13 views

CVE-2026-15557 waooAI waoowaoo Internal Task Header api-auth.ts requireProjectAuthLight improper authentication

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS0.00507EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday291 views

OpenMetadata - Authentication Bypass

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

9.8CVSS7.1AI score0.73255EPSS
Exploits5References5
Cvelist
Cvelist
added 2026/05/12 3:9 p.m.40 views

CVE-2026-30805 Insecure Default Initialization in API Authentication leads to Authentication Bypass

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...

9.1CVSS0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 3:9 p.m.15 views

CVE-2026-30805 Insecure Default Initialization in API Authentication leads to Authentication Bypass

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...

9.1CVSS5.8AI score0.00341EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.16 views

Update 26.12 for Microsoft Dynamics 365 Business Central 2025 Release Wave 1 (Application Build 26.12.48244, Platform Build 26.0.48120)

None None...

7.8CVSS5.8AI score0.00272EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.6 views

CVE-2026-28205

OpenPLCV3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API...

9.8CVSS5.8AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2026/04/07 5:58 p.m.2 views

CVE-2026-39339 ChurchCRM has an API Authentication Bypass

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware ChurchCRM/Slim/Middleware/AuthMiddleware.php allows unauthenticated attackers to access all protected API endpoints by including "api/public" anywhere...

9.1CVSS6AI score0.01351EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 1:27 p.m.5 views

JLSEC-2026-48

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

3.7CVSS6.8AI score0.0038EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.5 views

CVE-2026-25771

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...

7.5CVSS5.9AI score0.00466EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/18 11:8 a.m.8 views

CVE-2025-41258 LibreChat RAG API Authentication Bypass

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API...

8CVSS5.8AI score0.00344EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/17 6:8 p.m.4 views

CVE-2026-25771

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...

5.3CVSS5.9AI score0.00466EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 6:8 p.m.4 views

CVE-2026-25771 Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...

5.3CVSS5.9AI score0.00466EPSS
Exploits1References1
Veracode
Veracode
added 2026/03/07 5:8 a.m.7 views

Server-Side Request Forgery

Idno is vulnerable to Server-Side Request Forgery. The vulnerability is due to a logic error in the API authentication flow that bypasses CSRF protection, where the endpoint lacks a login requirement and unauthenticated attackers can trigger arbitrary outbound HTTP requests to any host and retrie...

9.2CVSS6AI score0.00628EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/25 5:25 p.m.2 views

CVE-2026-20129

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An...

9.8CVSS5.9AI score0.00717EPSS
Exploits0References1
OSV
OSV
added 2026/02/25 5:25 p.m.2 views

CVE-2026-20126

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this...

7.8CVSS5.8AI score0.003EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/25 4:14 p.m.7 views

CVE-2026-20129

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An...

9.8CVSS5.9AI score0.00717EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/25 4:14 p.m.25 views

CVE-2026-20129 Cisco Catayst SD-WAN Authentication Bypass Vulnerability

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An...

9.8CVSS0.00717EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.11 views

Bluspark BLUVOYIX 安全漏洞

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper authentication of the management API, which could lead an attacker to create new users with administrator privileges, which...

10CVSS6.8AI score0.00644EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.7 views

Bluspark BLUVOYIX 安全漏洞

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper back-end API authentication, which could lead to an attacker gaining full access to customer data and completely compromisi...

10CVSS6.7AI score0.00469EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.11 views

CVE-2023-31411

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App...

9.8CVSS7.3AI score0.00902EPSS
Exploits0References1
Rows per page
Query Builder