Lucene search
K

58 matches found

Vulnrichment
Vulnrichment
added 2026/01/13 12:0 a.m.4 views

CVE-2025-66698

An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints...

6.7AI score0.00428EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/01/09 2:52 p.m.204 views

Exploit for CVE-2025-55462

CVE-2025-55462 --- Vulnerability Summary A CORS misconf...

6.3AI score0.0036EPSS
Exploits1
EUVD
EUVD
added 2026/01/09 12:0 a.m.6 views

EUVD-2026-1678

Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4...

6.5CVSS7.1AI score0.00268EPSS
Exploits0References4
OSV
OSV
added 2026/01/02 7:11 p.m.4 views

CVE-2026-21445 Langflow Missing Authentication on Critical API Endpoints

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

9.3CVSS6.8AI score0.20655EPSS
Exploits1References4
Snyk
Snyk
added 2025/12/18 6:30 p.m.4 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via exposed API endpoints that do not require authentication. An attacker can perform unauthorized model management operations by sending crafted requests to these endpoints...

9.8CVSS6.9AI score0.00632EPSS
Exploits0References2
OSV
OSV
added 2025/12/17 11:10 p.m.4 views

CVE-2025-68435 Zerobyte has Authentication Bypass by Primary Weakness

Zerobyte is a backup automation tool Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints. This results in certain API endpoints being accessible without valid session credentials. This...

9.1CVSS7AI score0.00363EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.6 views

Primakon Pi Portal 安全漏洞

Primakon Pi Portal is a project, contract management platform from Primakon Croatia. A security vulnerability exists in Primakon Pi Portal version 1.0.18, which stems from insufficient authentication of API endpoints and could lead to unauthorized data access...

5.3CVSS6.8AI score0.00206EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.5 views

CVE-2023-7322

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...

8.7CVSS6.5AI score0.00972EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.6 views

PT-2025-44756

Name of the Vulnerable Software and Affected Versions Elastic Cloud Enterprise affected versions not specified Description An improper authorization issue exists in the Elastic Cloud Enterprise platform’s application programming interfaces. Exploitation of this issue may allow a remote attacker t...

9CVSS6.7AI score0.00324EPSS
Exploits0References12
Cvelist
Cvelist
added 2025/10/24 3:41 p.m.8 views

CVE-2025-62714 Karmada Dashboard API Unauthorized Access Vulnerability

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

8.7CVSS0.00607EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-12507

Malware in sbrugna...

6.7CVSS6.1AI score0.00324EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-27673

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00823EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.15 views

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability

A Denial of Service DoS vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including /ollama/models/upload, /audio/api/v1/transcriptions, and /rag/api/v1/doc. The application processes multipart boundaries without authentication, leading t...

7.5CVSS6.7AI score0.00644EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/14 12:0 a.m.6 views

PT-2025-7177 · Rupeeweb · Rupeeweb

Name of the Vulnerable Software and Affected Versions: RupeeWeb trading platform affected versions not specified Description: This issue exists due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation could allow an...

7.4CVSS6.7AI score0.00453EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/01/23 12:0 a.m.7 views

PT-2025-4986 · New Media One · New Media One Geodigs

Name of the Vulnerable Software and Affected Versions: New Media One GeoDigs versions prior to 3.4.1 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables attackers to inject malicious script...

7.1CVSS9.1AI score0.0022EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.8 views

PT-2024-17021 · Red Hat · Ansible +1

Name of the Vulnerable Software and Affected Versions: Ansible Automation Platform AAP affected versions not specified Ansible nan affected versions not specified Description: A vulnerability was found in the Ansible Automation Platform AAP and Ansible nan, allowing attackers to escalate privileg...

5CVSS7.4AI score0.0051EPSS
Exploits0References18
NVD
NVD
added 2024/10/23 5:15 p.m.17 views

CVE-2024-20341

A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a browser that is accessing an affected...

6.1CVSS0.00412EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.13 views

PT-2024-33570 · Henrique Rodrigues · Safetyforms

Name of the Vulnerable Software and Affected Versions: Henrique Rodrigues SafetyForms versions n/a through 1.0.0 Description: A Cross-Site Request Forgery CSRF issue allows Blind SQL Injection. This means an attacker can trick a user into performing unintended actions on the web application,...

8.8CVSS7.8AI score0.00215EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/09/11 12:0 a.m.6 views

Reedos aiM-Star 安全漏洞

Reedos aiM-Star is a software product from Reedos for mutual fund distribution. A security vulnerability exists in Reedos aiM-Star version 2.0.1, which stems from a lack of rate limiting for OTP requests in certain API endpoints, which could allow an attacker to send multiple OTP requests through...

8.7CVSS6.7AI score0.00498EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/04/08 9:13 a.m.9 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

7.4CVSS7.2AI score0.01302EPSS
Exploits0References4
Rows per page
Query Builder