Lucene search
K

72 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-12517

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...

5.3CVSS0.00187EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-12517

CVE-2026-12517 : The Fediverse Embeds WordPress plugin is vulnerable to a Server-Side Request Forgery (SSRF) because the destination of a server-side request from the unauthenticated site-info endpoint is not validated. This allows anonymous users to trigger requests to internal/private network U...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42513

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-12517 Fediverse Embeds < 1.5.8 - Unauthenticated SSRF via Site Info Endpoint

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...

0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 6:16 p.m.9 views

CVE-2026-51946

SQL Injection vulnerability in GoAdminGroup GoAdmin last release v1.2.26 allows a remote attacker to execute arbitrary code and obtain sensitive information via the the sorttype URL parameter on all /admin/info/table endpoints...

6.5CVSS0.00336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54735

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated attacker can perform error-based SQL injection by sending crafted values to the id parameter via a GET request to the 'job info.php' endpoint. The issue...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-474 PraisonAI Has Missing Authentication in WebSocket Gateway

Summary The PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. Details gateway/server.py:242 source -...

9.1CVSS5.9AI score0.00444EPSS
Exploits1References5
CVE
CVE
added 2026/06/24 9:5 p.m.9 views

CVE-2026-49278

Rocket.Chat vulnerable component: the visitors.info endpoint leaked a token in responses prior to versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12. The issue allows token exposure in visitor information responses and is fixed in the listed versions. Affected products/version...

6.7CVSS5.8AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52099

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Rocket.Chat versions prior to 8.4.2 Rocket.Chat versions prior to 8.3.4 Rocket.Chat versions prior to 8.2.4 Rocket.Chat versions prior to 8.1.5 Rocket.Chat versions prior to 8.0.6 Rocket.Chat versions prior ...

6.7CVSS5.8AI score0.00243EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.11 views

CVE-2026-36719

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...

7.5CVSS5.5AI score0.00321EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.12 views

CVE-2026-36719

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...

7.5CVSS0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.35 views

CVE-2026-36719

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...

0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 12:0 a.m.8 views

CVE-2026-36719

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...

5.5AI score0.00321EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:0 a.m.19 views

CVE-2026-36719

AgentChat v2.3.0 contains an information disclosure vulnerability in the /api/v1/user/info endpoint. The flaw allows unauthenticated attackers to enumerate user IDs and access sensitive data, including SHA-256 password hashes. Publicly available documents do not provide a confirmed root cause or ...

7.5CVSS5.5AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

AgentChat 安全漏洞

AgentChat is a multi-agent collaborative dialogue system based on large language models, developed by Shy25936636669. Version 2.3.0 of AgentChat contains a security vulnerability. This vulnerability stems from the/api/v1/user/info endpoint, which exposes information leakage vulnerabilities...

7.5CVSS5.2AI score0.00321EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 10:28 a.m.6 views

BIT-NEO4J-2026-1471 Caching of authentication context

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.1.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We recomme...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 2:22 p.m.8 views

CVE-2020-37220 Huawei HG630 V2 Router Authentication Bypass via Serial Number

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, th...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 2:22 p.m.32 views

CVE-2020-37220 Huawei HG630 V2 Router Authentication Bypass via Serial Number

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, th...

8.7CVSS0.00356EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 2:22 p.m.15 views

CVE-2020-37220

Huawei HG630 V2 router is affected by an authentication-bypass vulnerability where an unauthenticated attacker can obtain administrative access by querying /api/system/deviceinfo to retrieve the SerialNumber and using its last 8 characters as the login password. The connected CVE entry provides t...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.19 views

PT-2026-40621

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, th...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References4
Rows per page
Query Builder