Lucene search
K

1606 matches found

CVE
CVE
added yesterday9 views

CVE-2026-62327

The vulnerability concerns 9Router up to version 0.4.41. An unauthenticated request to the Next.js API route /api/usage/stats is possible due to missing authentication middleware, leading to exposure of plaintext API keys for all connected AI provider accounts, along with token counts, costs and ...

9.3CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday30 views

CVE-2026-62327 9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats

9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit th...

9.3CVSS
Exploits0References2
EUVD
EUVD
added yesterday9 views

EUVD-2026-43251

A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References6
Fedora
Fedora
added 2 days ago9 views

[SECURITY] Fedora 43 Update: upower-1.91.3-2.fc43

UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57577

Name of the Vulnerable Software and Affected Versions Leantime versions prior to 3.8.1 Description An improper authorization issue exists in the API component within the Setting::saveSetting function. This flaw allows a remote attacker to manipulate settings due to insufficient authorization...

6.5CVSS6.7AI score0.00333EPSS
Exploits0References8
CVE
CVE
added 4 days ago10 views

CVE-2026-55516

CVE-2026-55516 affects Snipe-IT prior to 8.6.2. A PATCH/PUT to /api/v1/maintenances/{maintenance_id} first validates access to the maintenance and asset, then accepts attacker-controlled asset_id, allowing an authorized user to re-parent a maintenance record to an asset outside their company scop...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56765

Name of the Vulnerable Software and Affected Versions HCL DevOps Deploy / HCL Launch affected versions not specified Description HCL DevOps Deploy / HCL Launch may disclose sensitive configurations and secrets to authenticated users through API responses. This information leakage could be leverag...

6.5CVSS6.1AI score0.00371EPSS
Exploits0References5
Fedora
Fedora
added 2026/07/05 1:10 a.m.9 views

[SECURITY] Fedora 44 Update: python-streamlink-8.4.0-1.fc44

Streamlink is a command-line utility that pipes video streams from various services into a video player, such as VLC. The main purpose of Streamlink is to allow the user to avoid buggy and CPU heavy flash plugins but still be able to enjoy various streamed content. There is also an API available...

6.5CVSS5.9AI score0.00345EPSS
Exploits1
Fedora
Fedora
added 2026/07/05 12:52 a.m.9 views

[SECURITY] Fedora 43 Update: python-streamlink-8.4.0-1.fc43

Streamlink is a command-line utility that pipes video streams from various services into a video player, such as VLC. The main purpose of Streamlink is to allow the user to avoid buggy and CPU heavy flash plugins but still be able to enjoy various streamed content. There is also an API available...

6.5CVSS5.9AI score0.00345EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:50 p.m.6 views

CVE-2026-55113

A malicious actor with access to the network could exploit a Server-Side Request Forgery SSRF vulnerability found in UniFi Talk Application to execute a Denial of Service DoS attack and bypass authentication in certain UniFi Talk API endpoints...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.7 views

CVE-2026-54407

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 2:49 p.m.16 views

CVE-2026-54407

The CVE-2026-54407 entry concerns UniFi Protect Application with an Improper Access Control flaw that allows bypassing authentication on certain API endpoints. The vulnerability enables an unauthenticated or improperly authenticated actor with network access to interact with protected UniFi Prote...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/02 2:49 p.m.14 views

EUVD-2026-41379

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:16 p.m.38 views

CVE-2026-58029

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...

6.5CVSS0.00351EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 4:16 p.m.4 views

UBUNTU-CVE-2026-58027

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

6.5CVSS6.1AI score0.00371EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 3:19 p.m.29 views

CVE-2026-58029

CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.36 views

CVE-2026-56350 n8n - SSO Enforcement Bypass via API

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

6.3CVSS0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 9:6 p.m.18 views

CVE-2026-58449

txtai up to 9.10.0 is affected by an unauthenticated remote code execution via the /reindex API. The function body parameter is resolved through txtai.util.Resolver, which uses import and getattr on a user-supplied dotted path without an allowlist. If the API is exposed without a TOKEN and the in...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:55 p.m.7 views

CVE-2026-10140

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 7:55 p.m.41 views

CVE-2026-10140 Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS0.00201EPSS
Exploits0References1
Rows per page
Query Builder