Lucene search
K

518 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42596

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...

8.6CVSS5.9AI score0.0034EPSS
Exploits0References1
NVD
NVD
added 4 days ago9 views

CVE-2026-56460

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS0.00371EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-56460

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS5.8AI score0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-56460 HCL DevOps Deploy / HCL Launch is susceptible to an Insertion of Sensitive Information Into Sent Data vulnerability

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS0.00371EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42555

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS5.8AI score0.00371EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 9:16 p.m.8 views

CVE-2026-22555

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...

8.1CVSS0.00304EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 5:48 p.m.90 views

CVE-2026-47262

CVE-2026-47262 affects containerd where a maliciously crafted image can trigger a Denial of Service by exhausting memory during container creation, causing an Out-Of-Memory (OOM) kill of the containerd process and making the runtime API unavailable (impacting clients like Docker Engine and Kubern...

5.5CVSS5.7AI score0.00317EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/01 2:34 p.m.32 views

CVE-2026-58024 API identification of users on private wikis

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiUserrights.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.1CVSS0.00334EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40892

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.6AI score0.00367EPSS
Exploits0References8
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56350

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

7.7CVSS0.00258EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5347 OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration in github.com/OliveTin/OliveTin

OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration in github.com/OliveTin/OliveTin...

3.7CVSS5.8AI score0.00328EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52207

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.3 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Insufficient filtering in a CI/CD API endpoint could allow sensitive information to be written to...

4.4CVSS5.7AI score0.0013EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 2:1 p.m.8 views

EUVD-2026-38792

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51507

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description Multiple OS command injection issues exist in the Custom MCP Server feature. These occur due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker wi...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.9 views

PT-2026-56266

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.4 Description Webview-based pages communicate with the Rust backend via an internal localhost API. User scripts included through iframes in the editor can bypass protections to access this API. A malicious imported...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2026/06/12 9:37 p.m.76 views

ember

🔥 Ember AI systems burn brightly but hide their secrets. Em...

5.3AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 2026/06/09 9:3 a.m.9 views

TYPO3-CORE-SA-2026-018: Insecure Deserialization in Core API

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-018...

6.3CVSS5.4AI score0.00215EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/08 12:30 a.m.12 views

EUVD-2026-34996

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS4.8AI score0.0022EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-37223

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert. A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp...

7.5CVSS5.5AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1CVSS5.5AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder