1079 matches found
GHSA-75V5-6885-59F9 AgentScope Cross-Origin Resource Sharing (CORS) vulnerability
A Cross-Origin Resource Sharing CORS vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized dat...
CVE-2024-23943
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected...
CVE-2024-9612
In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. When the search page is set to be invisible, regular users cannot view the search page or access its functionalities from the front-end interface. However, the back-end doe...
CVE-2024-11602
A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...
CVE-2024-9612
In danswer-ai/danswer v0.3.94, the vulnerability stems from the back-end not validating the visibility status of the search page. Administrators can hide the search page from the front-end, but regular users can still access its functionalities by directly calling the API, bypassing the visibilit...
CVE-2024-11602
CVE-2024-11602 affects feast-dev/feast v0.40.0. The CORS configuration on the agentscope server does not restrict access to trusted origins, allowing requests from any external domain. This can bypass security controls and potentially expose sensitive information. The provided documents do not sp...
CVE-2024-23943 MB connect line: Cloud API access due to a lack of authentication for a critical function
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected...
CVE-2024-23943
CVE-2024-23943 affects MB Connect Line mbCONNECT24 devices. The root cause is a lack of authentication for a critical function, enabling unauthenticated remote attackers to access the cloud API. Vulnerable versions are mbCONNECT24 prior to 2.16.2; remediation is upgrading to 2.16.2 or later. Impa...
CVE-2024-23943 MB connect line: Cloud API access due to a lack of authentication for a critical function
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected...
Improper Authorization
Umbraco.Cms.Api.Management is vulnerable to improper access control. The vulnerability is due to insufficient API access restrictions due to low-privilege authenticated users being able to create and update data type information meant for higher-privilege users...
CVE-2025-2395
The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator...
CVE-2025-27601
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...
NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability
This vulnerability allows remote attackers to access protected functionality on affected installations of NVIDIA Riva. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the Triton Inference Server. The issue results from the lack of...
Rembg CORS misconfiguration
Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...
CVE-2025-27601
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...
CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...
CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...
CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...
CVE-2025-27601
CVE-2025-27601 concerns Umbraco in the API management package, where an improper API access control allows low-privilege authenticated users to create and update data type information restricted to settings-access users. Affected are Umbraco.Cms.Api.Management versions prior to 14.3.3 and 15.2.3....
Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality
Impact An improper API access control issue has been identified, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. Patches Will be patched in 14.3.3 and 15.2.3. Workarounds None available...