Lucene search
K

57352 matches found

CVE
CVE
added 2026/02/07 7:2 p.m.16 views

CVE-2026-2108

The CVE-2026-2108 entry covers jsbroks COCO Annotator up to version 0.11.1. The vulnerability affects the Endpoint component’s /api/info/long_task, where manipulation can cause a denial of service. It is remotely exploitable and has been publicly disclosed; multiple sources note no vendor respons...

7.5CVSS5.4AI score0.00693EPSS
Exploits1References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/02/07 12:23 a.m.18 views

SUSE CVE-2026-25538

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.8CVSS5.5AI score0.00393EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.7 views

PT-2026-6917

Name of the Vulnerable Software and Affected Versions jsbroks COCO Annotator versions up to 0.11.1 Description A flaw exists in jsbroks COCO Annotator that allows for improper authorization. This issue is related to the manipulation of the ID argument within an unknown function of the /api/undo/...

5.5CVSS5.2AI score0.00386EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.8 views

PT-2026-6928

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description WeKan contains an authorization issue in certain card update API paths. These paths only validate read access to a board instead of requiring write permission. This allows users with read-only roles to...

7.1CVSS5.4AI score0.00277EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/06 10:34 p.m.13 views

Keylime Missing Authentication for Critical Function and Improper Authentication

Impact The Keylime registrar does not enforce mutual TLS mTLS client certificate authentication since version 7.12.0. The registrar's TLS context is configured with ssl.CERTOPTIONAL instead of ssl.CERTREQUIRED, allowing any client to connect to protected API endpoints without presenting a valid...

9.8CVSS5.5AI score0.0575EPSS
Exploits0References9Affected Software1
GithubExploit
GithubExploit
added 2026/02/06 9:30 p.m.194 views

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...

10CVSS5.7AI score0.99999EPSS
Exploits438
NVD
NVD
added 2026/02/06 9:16 p.m.12 views

CVE-2026-25729

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...

6.5CVSS0.00209EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:30 p.m.9 views

CVE-2026-25729

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...

5.3CVSS5.5AI score0.00209EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/06 8:30 p.m.5 views

CVE-2026-25729 DeepAudit Affected by User Enumeration via Broken Access Control

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...

5.3CVSS5.5AI score0.00209EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/06 8:24 p.m.5 views

CVE-2026-25632 EPyT-Flow has unsafe JSON deserialization (__type__)

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field...

10CVSS5.7AI score0.00657EPSS
Exploits0References3
OSV
OSV
added 2026/02/06 7:47 p.m.6 views

GHSA-RJV5-9PX2-FQW6 Gogs has authorization bypass in repository deletion API

Summary The DELETE /api/v1/repos/:owner/:repo endpoint lacks necessary permission validation middleware. Consequently, any user with read access including read-only collaborators can delete the entire repository. This vulnerability stems from the API route configuration only utilizing the...

7.2CVSS5.9AI score0.00103EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/06 7:47 p.m.8 views

Gogs has authorization bypass in repository deletion API

Summary The DELETE /api/v1/repos/:owner/:repo endpoint lacks necessary permission validation middleware. Consequently, any user with read access including read-only collaborators can delete the entire repository. This vulnerability stems from the API route configuration only utilizing the...

5.6AI score0.00103EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/02/06 5:50 p.m.6 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the UpdateRepoFile function. An attacker can execute arbitrary system commands by updating files within the .git directory remotely via API router. This vulnerability is a bypass for the one addressed in...

10CVSS5.9AI score0.01229EPSS
Exploits3References2
Github Security Blog
Github Security Blog
added 2026/02/06 5:49 p.m.11 views

Gogs's update .git/config file allows remote command execution

Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...

9.8CVSS5.4AI score0.01229EPSS
Exploits3References4Affected Software1
OSV
OSV
added 2026/02/06 5:49 p.m.5 views

GHSA-GG64-XXR9-QHJP Gogs's update .git/config file allows remote command execution

Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...

9.3CVSS5.5AI score0.01229EPSS
Exploits3References4
OSV
OSV
added 2026/02/06 5:34 p.m.5 views

USN-8015-3 linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - iouring subsystem; CVE-2025-38561, CVE-2025-39698, CVE-2025-40019...

8.8CVSS6.7AI score0.00391EPSS
Exploits2References4
Ubuntu
Ubuntu
added 2026/02/06 5:34 p.m.7 views

USN-8015-3: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - iouring subsystem; CVE-2025-38561, CVE-2025-39698, CVE-2025-40019...

8.8CVSS8.2AI score0.00391EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/06 5:13 p.m.18 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.1 Vulnerability Details CVEID:CVE-2023-39804 DESCRIPTION: In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVSS Source: IBM X-Force CVSS Base...

8.6CVSS6.8AI score0.01082EPSS
Exploits3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/06 4:22 p.m.7 views

CVE-2026-2103 Use of Hard-Coded Cryptographic Key for Password Storage

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

7.1CVSS5.4AI score0.00097EPSS
Exploits1References1
CVE
CVE
added 2026/02/06 4:22 p.m.15 views

CVE-2026-2103

Infor SyteLine ERP is affected by CVE-2026-2103 due to hard-coded static cryptographic keys used to encrypt stored credentials (passwords, DB connection strings, API keys). The keys are identical across all installations, enabling an attacker with access to the application binary and database to ...

7.8CVSS5.4AI score0.00097EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder