Lucene search
K

1638 matches found

EUVD
EUVD
added 19 hours ago5 views

EUVD-2026-43547

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the...

9.3CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-62328

Summary: CVE-2026-62328 affects 9Router up to version 0.4.41 and describes an unauthenticated information-disclosure vulnerability exposed via unprotected API endpoints. Attackers can remotely query the request-logs and request-details routes (which lack authentication middleware) to enumerate pa...

8.7CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday24 views

CVE-2026-62327 9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats

9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit th...

9.3CVSS
Exploits0References2
The Hacker News
The Hacker News
added yesterday7 views

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

A new phishing-as-a-service PhaaS operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle AitM tactics, antibot evasion, artificial intelligence AI-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57852

Name of the Vulnerable Software and Affected Versions ServiceNow AI platform affected versions not specified Description An issue in the ServiceNow AI platform allows an unauthenticated user to execute arbitrary code within the platform under certain circumstances. Remote code execution refers to...

9.5CVSS6.6AI score
Exploits0References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43061

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

6.1AI score0.00142EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-13235

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

3.3CVSS0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13235 AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

0.00142EPSS
Exploits0References1
CVE
CVE
added 4 days ago23 views

CVE-2026-13235

This CVE concerns a Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) impacting Drupal AI versions 0.0.0–1.2.17, 1.3.0–1.3.8, and 1.4.0–1.4.3. The root cause is improper access validation for agent tools exposed by Drupal core actions, enabling forceful browsing by an att...

3.3CVSS6.1AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

CVE-2026-13234 AI (Artificial Intelligence) - Moderately critical - Information Disclosure / Cross-site Scripting - SA-CONTRIB-2026-054

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

6.1CVSS6.1AI score0.00161EPSS
Exploits0References5
CVE
CVE
added 4 days ago13 views

CVE-2026-13234

CVE-2026-13234 concerns an improper neutralization of input during web page generation (XSS) in Drupal AI (Artificial Intelligence). Affected versions: 0.0.0–1.2.17, 1.3.0–1.3.8, and 1.4.0–1.4.3. The root cause is input handling within the module and certain submodules (AI Automators, AI Translat...

6.1CVSS6.1AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-57475

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS0.0034EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42974

Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.9CVSS6.1AI score0.00279EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Kibana 8.x < 8.16.3 / 8.17.x < 8.17.2 Authorization Bypass (ESA-2026-51)

The version of Kibana installed on the remote host is 8.x prior to 8.16.3 or 8.17.x prior to 8.17.2. It is, therefore, affected by an authorization bypass vulnerability: - Authorization Bypass Through User-Controlled Key CWE-639 in Kibana can lead to unauthorized data modification. Under certain...

6.2AI score
Exploits0References2
Patchstack
Patchstack
added 5 days ago4 views

WordPress BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin <= 4.6.0 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin BetterDocs versions = 4.6.0...

6.5CVSS6AI score0.0026EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42650

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, sanitizeproxypath in backend/openwebui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...

7.7CVSS5.9AI score0.00362EPSS
Exploits1References4
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42609

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS6.1AI score0.00263EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago4 views

Important: Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency 1.0.2

The GA release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads...

8CVSS7.1AI score0.0032EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago8 views

Critical: Red Hat Security Advisory: RHOAI 3.3.5 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 3.3.5 provides these changes:...

10CVSS7AI score0.01945EPSS
Exploits15References34
The Hacker News
The Hacker News
added 6 days ago63 views

New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting , turns that habit into an attack: work out the fake names an AI...

6.1AI score
Exploits0
Rows per page
Query Builder