Lucene search
K

1915 matches found

NVD
NVD
added yesterday5 views

CVE-2026-20296

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-20296 SPL Command Safeguards Bypass through Cross-Site Request Forgery (CSRF) in Deployment Server in Splunk Enterprise

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-44666

ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot. This...

7.1CVSS6.1AI score
Exploits0References2
Nuclei
Nuclei
added yesterday19 views

Electrolink FM/DAB/TV Transmitter - Credentials Disclosure

A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in plaintext. id: CVE-2025-28228 info: name: Electrolink FM/DAB/TV Transmitter - Credentials Disclosure...

7.5CVSS6.1AI score0.0168EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday29 views

Glances - Information Disclosure

Glances 4.5.2 contains an information disclosure vulnerability caused by the web server running without authentication by default, letting remote attackers access sensitive system information including credentials, exploit requires no special privileges. id: CVE-2026-32596 info: name: Glances -...

8.7CVSS7AI score0.0155EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday13 views

Glances - Information Disclosure

Glances 4.5.1 contains an information disclosure vulnerability caused by unfiltered exposure of sensitive configuration data via the /api/4/config REST API endpoint, letting remote attackers access credentials, exploit requires API access. id: CVE-2026-30928 info: name: Glances - Information...

8.7CVSS7AI score0.01657EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-60192

Name of the Vulnerable Software and Affected Versions LightRAG versions prior to 1.5.4 Description An issue exists in the server configuration within the file lightrag/api/lightrag server.py where CORS ORIGINS is set to and allow credentials is set to True. This configuration causes the Starlette...

9.3CVSS6.2AI score
Exploits0References8
NVD
NVD
added 2 days ago3 views

CVE-2026-47282

Insufficiently protected credentials in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

6.5CVSS0.00603EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-14646

Nexus Repository 3 did not apply its existing Server-Side Request Forgery SSRF protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server — including an anonymo...

4.9CVSS0.00265EPSS
Exploits0References2
CVE
CVE
added 2 days ago11 views

CVE-2026-47282

Summary: CVE-2026-47282 concerns insufficiently protected credentials in GitHub Copilot and Visual Studio Code, leading to potential information disclosure over a network. Impact and scope (as per metrics): CVSS 3.1 base score 6.5 (Medium); attack vector: NETWORK; attack complexity: LOW; privileg...

6.5CVSS6.1AI score0.00603EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-15075

In Eclipse Vert.x versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, DefaultRedirectHandler vertx-core propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison scheme, host, port is performed before copyin...

8.2CVSS6.2AI score0.00141EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added 2 days ago30 views

D-Link DIR-859 - Information Disclosure

A critical information disclosure vulnerability exists in D-Link devices where sensitive device account information including credentials can be retrieved by sending an unauthenticated request to /getcfg.php endpoint with the parameter SERVICES=DEVICE.ACCOUNT. This could allow attackers to obtain...

9.8CVSS6.8AI score0.32261EPSS
Exploits1References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-43559

9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under...

9.8CVSS6.1AI score0.00521EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-59801

9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under...

9.8CVSS0.00521EPSS
Exploits0References2
CVE
CVE
added 3 days ago9 views

CVE-2026-59801

CVE-2026-59801 affects 9Router up to version 0.4.41 and is caused by missing authentication middleware in Next.js API routes under src/app/api/providers/*. It allows unauthenticated remote interaction with provider management endpoints, enabling enumeration, creation, modification, or deletion of...

9.8CVSS6.1AI score0.00521EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-59801 9Router 0.4.41 - Unauthenticated API Exposure via /api/providers

9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under...

9.8CVSS0.00521EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score0.00259EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in babel-preset-lib-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4274de0136aa69f8b0f4eba03412c7809a1b8c2446bb3ed7f6de1333475aa4c4 index.js, the package main, runs a load-time IIFE that collects OS platform and architecture, hostname, username, private and public IP via...

6.1AI score
Exploits0References5
NVD
NVD
added 6 days ago7 views

CVE-2026-59155

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials, including Cloudflare API tokens, TencentCloud...

6.9CVSS0.00304EPSS
Exploits0References3
CVE
CVE
added 6 days ago11 views

CVE-2026-59155

Nezha Monitoring (self-hosted) had a credential exposure flaw prior to version 2.2.5. The GET endpoints /api/v1/ddns and /api/v1/notification returned full resource objects that included plaintext third-party API credentials (Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram ...

6.9CVSS6.1AI score0.00304EPSS
Exploits0References3
Rows per page
Query Builder