Lucene search
K

63 matches found

Cvelist
Cvelist
added 2026/06/30 7:38 p.m.34 views

CVE-2026-12085 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...

6.5CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:38 p.m.24 views

CVE-2026-12085

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) are affected by CVE-2026-12085, which allows authenticated users to view sensitive configurations and secrets in API responses. Affected versions include UCD 7.3 through 7.3.2.18 and IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8....

6.5CVSS5.7AI score0.00234EPSS
Exploits0References1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 6:55 p.m.11 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability (CVE-2026-12085)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system. CVE-2026-12085. Vulnerability Details CVEID:CVE-2026-12085 DESCRIPTION: IBM DevOps Deploy coul...

6.5CVSS5.7AI score0.00234EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/23 5:17 p.m.11 views

CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

8.4CVSS0.0056EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.26 views

PT-2026-51099

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An Insecure Direct Object Reference IDOR issue exists in the /api/v1/responses endpoint. This occurs because the get flow by id or endpoint name function in src/backend/base/langflow/helpers/flow.py...

8.4CVSS6.3AI score0.0056EPSS
Exploits2References61
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40584

RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries...

7.5CVSS5.5AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2026/06/03 4:14 p.m.9 views

DRUPAL-CONTRIB-2026-042

This module provides spam protection using the CleanTalk cloud service. The module doesn't sufficiently sanitize API response messages before rendering them in HTML output. The cleantalkdie and ctdie functions output the CleanTalk API response message directly into HTML without proper sanitizatio...

6.1CVSS5.9AI score0.00161EPSS
Exploits0References1
Drupal
Drupal
added 2026/06/03 12:0 a.m.17 views

Anti-Spam by CleanTalk - Moderately critical - Cross site scripting - SA-CONTRIB-2026-042

This module provides spam protection using the CleanTalk cloud service. The module doesn't sufficiently sanitize API response messages before rendering them in HTML output. The cleantalkdie and ctdie functions output the CleanTalk API response message directly into HTML without proper sanitizatio...

5.9AI score0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/22 10:23 a.m.14 views

CVE-2026-3636 Sanitize team member data returned by API

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 9:16 a.m.5 views

CVE-2026-42514

This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target...

8.8CVSS0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 8:17 a.m.5 views

EUVD-2026-26197

This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target...

8.8CVSS5.5AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 2:11 p.m.20 views

CVE-2026-5375 runZero Platform API credential information leak

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...

2.7CVSS0.002EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/25 6:31 p.m.7 views

EUVD-2025-208113

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...

9.3CVSS5.4AI score0.00438EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/02/25 3:21 p.m.4 views

CVE-2025-1242

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...

9.3CVSS5.4AI score0.00438EPSS
Exploits2References4
CVE
CVE
added 2026/02/25 3:21 p.m.31 views

CVE-2025-1242

CVE-2025-1242 affects Gardyn Home Kit via Gardyn IoT Hub. Root cause: hard-coded administrative credential iothubowner exposed across multiple vectors (API responses, mobile app, and device firmware), enabling unauthenticated full admin access to the hub and connected devices. Connected documents...

9.3CVSS5.4AI score0.00438EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.5 views

GitLab 8.3 < 18.5.5 / 18.6 < 18.6.3 / 18.7 < 18.7.1 (CVE-2025-10569)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denia...

6.5CVSS5.7AI score0.00479EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.11 views

CVE-2019-12474

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

7.5CVSS6.5AI score0.02043EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/31 2:59 a.m.7 views

Sensitive Information Exposure

@actual-app/sync-server is vulnerable to sensitive Information Exposure. The vulnerability is due to logging parsed API responses to STDOUT using console.log/console.debug, which allows an attacker with access to application logs to obtain sensitive data such as bearer tokens, bank account detail...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2038

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.02043EPSS
Exploits0References8
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-7841 Malicious code in @epc-libraries/common-api-responses (npm)

The package @epc-libraries/common-api-responses was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder