Lucene search
+L

6 matches found

CVE
CVE
added yesterday8 views

CVE-2026-35147

HCL DFXServer is affected by a Broken Authentication vulnerability via direct API access. The application fails to verify the user’s authentication status when accessing specific API endpoints, allowing an unauthenticated attacker to interact with the APIs and perform unauthorized actions without...

8.2CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 7:35 a.m.40 views

CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

0.00325EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 7:5 a.m.10 views

CVE-2026-6341 Incomplete group locking implementation

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 7:34 p.m.3 views

CVE-2026-44561 Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...

5.4CVSS5.9AI score0.00178EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.10 views

CVE-2026-4312

GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...

9.8CVSS5.8AI score0.0045EPSS
Exploits0References1
CVE
CVE
added 2025/12/05 6:26 p.m.15 views

CVE-2025-66581

Frappe LMS (versions before 2.41.0) has a server-side authorization flaw where endpoints relied on client-side checks, allowing authenticated low-privilege users (e.g., students) to perform actions outside their roles via the API. The issue is fixed in 2.41.0. Affected component: server-side perm...

6.5CVSS6.2AI score0.00181EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder