Lucene search
K

11 matches found

Vulnrichment
Vulnrichment
added 4 days ago3 views

CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/05/01 12:0 a.m.11 views

CVE-2026-37526

CVE-2026-37526 affects AGL app-framework-binder (afb-daemon) up to v19.90.0. The issue arises in the abstract Unix socket @urn:AGL:afs:supervision:socket where the function on_supervision_call dispatches eight supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without any...

7.8CVSS6AI score0.00123EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/15 10:54 a.m.5 views

CVE-2026-30778

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

5.8AI score0.00544EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/02 9:15 p.m.10 views

CVE-2025-61666 Traccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config File

Traccar is an open source GPS tracking system. Default installs of Traccar on Windows between versions 6.1- 6.8.1 and non default installs between versions 5.8 - 6.0 are vulnerable to unauthenticated local file inclusion attacks which can lead to leakage of passwords or any file on the file syste...

8.7CVSS0.01196EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/02 9:15 p.m.1 views

CVE-2025-61666 Traccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config File

Traccar is an open source GPS tracking system. Default installs of Traccar on Windows between versions 6.1- 6.8.1 and non default installs between versions 5.8 - 6.0 are vulnerable to unauthenticated local file inclusion attacks which can lead to leakage of passwords or any file on the file syste...

8.7CVSS6.6AI score0.01196EPSS
Exploits0References3
CVE
CVE
added 2025/10/02 9:15 p.m.35 views

CVE-2025-61666

CVE-2025-61666 covers a Local File Inclusion in Traccar, an open source GPS tracking system. Affects Windows installations: versions 6.1–6.8.1 with default configuration are vulnerable due to the web override being enabled by default; versions 5.8–6.0 are vulnerable only if the configuration cont...

8.7CVSS6.6AI score0.01196EPSS
In wildExploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-45305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that...

2.5CVSS5.4AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 2025/05/05 4:15 p.m.7 views

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

8.8CVSS5.8AI score0.01782EPSS
Exploits0References4
OSV
OSV
added 2022/05/14 1:23 a.m.9 views

GHSA-F553-J2GV-G5R9 Apache Solr Kerberos delegation token functionality flaws

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

7.5CVSS5.9AI score0.02202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/10/15 12:0 a.m.6 views

PT-2020-20210 · Linux Foundation +2 · Kubernetes +1

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.19.3 Kubernetes versions prior to 1.18.10 Kubernetes versions prior to 1.17.13 Description: The issue arises when a Kubernetes cluster uses a logging level of at least 4 and encounters a malformed docker config...

8.8CVSS5.6AI score0.06505EPSS
Exploits2References37
OSV
OSV
added 2020/06/03 1:15 p.m.2 views

CVE-2020-2198

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...

6.5CVSS6.6AI score
Exploits0References2
Rows per page
Query Builder