Lucene search
K

137 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45701

Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical hash algorithm. This issue has been patched in versions 2.6.23 and 3.0.6...

6.9CVSS5.4AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-3514

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.2AI score0.00476EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.13 views

Prefect 安全漏洞

Prefect is a workflow orchestration tool developed by Prefect OpenSource, enabling developers to build, monitor data pipelines, and respond to changes in those pipelines. Version 3.6.19 of Prefect contains a security vulnerability. This vulnerability stems from improper handling of URL paths for...

7.5CVSS5.3AI score0.00476EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/28 7:48 p.m.19 views

EUVD-2026-33033

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.10 views

WordPress plugin WishList Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.9AI score0.00258EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/19 6:0 a.m.10 views

CVE-2025-15609 Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

5.8AI score0.00404EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 7:3 p.m.7 views

CVE-2026-45246 Summarize < 0.15.1 Insecure File Permissions Information Disclosure

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates th...

6.8CVSS5.8AI score0.00137EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from insecure file permissions in the configuration rewritepath without refreshing, allowing local users to acces...

6.8CVSS5.8AI score0.00137EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from API keys sent via the x-api-key header, allowing bypass of endpoint restrictions and...

6.5CVSS5.8AI score0.00309EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Archon 安全漏洞

Archon is a content management system CMS specifically designed for archival information management. Version 0.1.0 of Archon contains a security vulnerability. This vulnerability stems from a specially crafted HTML page, which may allow victims to execute commands when accessing the system, run...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 1:49 a.m.7 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the RedirectHandler function. An attacker can obtain sensitive information such as session cookies, proxy credentials, and API keys by inducing a cross-host or cross-scheme redirect, causing these headers to be forwarde...

7CVSS5.8AI score0.00505EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:26 p.m.6 views

CVE-2026-42226

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

7.1CVSS5.9AI score0.0026EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/30 9:11 p.m.5 views

EUVD-2026-26448

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...

8.8CVSS5.7AI score0.0047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/29 2:48 p.m.7 views

CVE-2026-41464

ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...

7.1CVSS5.3AI score0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.15 views

PT-2026-36898

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.33 n8n versions prior to 2.17.5 Description An issue in the 'dynamic-node-parameters' endpoints allows an authenticated user with access to a shared workflow to supply a foreign credential ID in the request body...

8.5CVSS5.9AI score0.0026EPSS
Exploits0References7
NVD
NVD
added 2026/04/27 4:16 p.m.15 views

CVE-2026-41464

ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...

7.1CVSS0.00304EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/27 3:10 p.m.5 views

CVE-2026-41464 ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php

ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...

7.1CVSS5.3AI score0.00304EPSS
Exploits0References4
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/24 12:0 a.m.8 views

SimpleHelp Missing Authorization Vulnerability

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

9.9CVSS8.7AI score0.09328EPSS
In wildExploits0
NVD
NVD
added 2026/04/23 8:16 p.m.10 views

CVE-2026-41266

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS0.00346EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/23 7:11 p.m.6 views

CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS5.3AI score0.00346EPSS
Exploits1References1
Rows per page
Query Builder