Lucene search
K

263 matches found

Nuclei
Nuclei
added 10 hours ago11 views

Glances - Information Disclosure

Glances 4.5.1 contains an information disclosure vulnerability caused by unfiltered exposure of sensitive configuration data via the /api/4/config REST API endpoint, letting remote attackers access credentials, exploit requires API access. id: CVE-2026-30928 info: name: Glances - Information...

8.7CVSS7.1AI score0.01657EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago8 views

YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'queryString' parameter in the REST API endpoint /ywcas/v1/register in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. id: CVE-2024-4455 info...

7.2CVSS5.9AI score0.0101EPSS
Exploits0References3
OSV
OSV
added 4 days ago5 views

PYSEC-2026-564 OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS7.7AI score0.00763EPSS
Exploits2References8
CVE
CVE
added 2026/06/26 7:39 p.m.12 views

CVE-2026-44732

OpenProject vulnerability CVE-2026-44732 affects the web-based project management tool prior to versions 17.3.2 and 17.4.0. The flaw occurs in the /api/v3/documents/{id} PATCH endpoint, where attacker-controlled attributes are applied to the persisted record before authorization checks, allowing ...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:32 p.m.5 views

CVE-2026-44735

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:29 p.m.5 views

CVE-2026-49355

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/26 2:16 a.m.9 views

CVE-2026-50744

A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...

4.3CVSS0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:0 a.m.31 views

CVE-2026-10824 Masteriyo LMS < 2.2.1 - Unauthenticated Course Progress Disclosure and Deletion

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...

0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 8:1 p.m.19 views

CVE-2026-52815 Gogs: Unauthenticated Organization Teams Information Disclosure via API

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route...

6.9CVSS0.01553EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 12:47 p.m.10 views

CVE-2026-7166

CVE-2026-7166 affects the Assassin game by Gaudire. The API and local database expose sensitive data via the email and telefon fields, including data on minors and municipal users. This unauthenticated remote access could compromise confidentiality (CVSS 4.0 base 9.2, HIGH impact). No exploit or ...

9.2CVSS5.9AI score0.00384EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK:...

3.7CVSS6.1AI score0.01257EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 8:43 a.m.14 views

CVE-2026-32966

The CVE affects Apache DolphinScheduler prior to 3.4.2. A missing authorization check in the DataSource API allows exposure of arbitrary data source metadata to unauthenticated users, enabling potential disclosure of sensitive information. The issue’s root cause is insufficient access control on ...

9.8CVSS5.2AI score0.0039EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/11 1:28 p.m.13 views

Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. | |...

5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.8 views

FortiSandbox Exposure Scanner

This Metasploit auxiliary scanner module performs passive exposure assessment of FortiSandbox deployments by identifying platform fingerprints, collecting publicly accessible version metadata, and evaluating API exposure levels without using exploit functionality. The module validates whether a...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/10 2:20 p.m.11 views

CVE-2026-41283

A flaw was found in OpenStack Mistral. When the API is exposed, a remote attacker can exploit certain endpoints to achieve arbitrary code execution. This allows the attacker to run malicious code on the system and potentially exfiltrate sensitive service credentials. Mitigation Restrict network...

9.9CVSS5.9AI score0.00733EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.8 views

CVE-2026-44413

In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access...

8.2CVSS5.4AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46885

Summary A low-privilege admin user with user recovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...

6.8CVSS5.8AI score0.00034EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the fact that the web management panel is widely bound to the public IPv6 address space at port :::8080, with no default firewa...

6.9CVSS5.3AI score0.00234EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.8 views

PT-2026-48694

Several soundness violations exist in the Rust bindings for MetaCall, indicatively: MetaCallException::Clone: Clone is dangerous because it creates a second Rust object that still points to the same foreign MetaCall value, but does not actually own or keep that value alive. value is shallow copie...

5.5AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.29 views

PT-2026-45492

Name of the Vulnerable Software and Affected Versions Vitest versions prior to 4.1.0 Description A flaw in the UI/API server on Windows allows remote attackers to bypass file access restrictions and read arbitrary files when the server is exposed to the network. The issue occurs because the API...

9.8CVSS6.5AI score0.00232EPSS
Exploits0References13
Rows per page
Query Builder