Lucene search
K

380 matches found

RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.7 views

CVE-2026-40525

OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS5.8AI score0.00571EPSS
Exploits1References1
Wiz blog
Wiz blog
added 2026/04/20 6:20 p.m.6 views

Context.ai OAuth Token Compromise

Compromised Context.ai OAuth tokens enabled attackers to perform a supply chain attack via trusted SaaS integrations. Learn how to assess the risk in your environment and how to prevent the next attack...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/18 8:40 a.m.6 views

BIT-GRAFANA-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/04/18 8:7 a.m.10 views

[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data

In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI age...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/17 9:31 p.m.5 views

GHSA-JGQ2-VQ69-GR6H OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS5.8AI score0.00571EPSS
Exploits1References6
Snyk
Snyk
added 2026/04/16 10:38 p.m.4 views

Cross-site Request Forgery (CSRF)

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the Client integrations due to the lack of CSRF protection for cash parameters. An attacker can perform unauthorized actions on behalf...

5.9CVSS5.5AI score0.00106EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/15 6:31 p.m.4 views

EUVD-2025-209475

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.9 views

PT-2026-33063

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description In the alerting system, users with specific edit permissions for a contact point, such as alert.notifications:write or alert.notifications.receivers:test granted via the Contact Point Writer...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References15
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 3:25 p.m.9 views

Malicious code in @aircall-ecosystem/integrations-msteams-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4343cd15bb1d3104166b2ddf4f549bc184fde49233b5cfba97f353f00a8c2a2e The package @aircall-ecosystem/integrations-msteams-frontend was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/13 3:25 p.m.6 views

MAL-2026-2573 Malicious code in @aircall-ecosystem/integrations-msteams-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4343cd15bb1d3104166b2ddf4f549bc184fde49233b5cfba97f353f00a8c2a2e The package @aircall-ecosystem/integrations-msteams-frontend was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/27 1:38 p.m.4 views

MAL-2026-2265 Malicious code in monolith-twirp-codingagentintegrations-codingagentintegrations (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 24ecd94ab40a4a1b574b48137b92d60ad65d610301ee07661c928706bd54c81b The OpenSSF Package Analysis project identified 'monolith-twirp-codingagentintegrations-codingagentintegrations' @ 1.0.2 rubygems as malicious. ...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.7 views

CVE-2026-30945

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner...

7.1CVSS5.8AI score0.00452EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-25430 WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor,...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/09 8:1 a.m.4 views

CVE-2026-27796

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...

7.5CVSS5.7AI score0.004EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.8 views

PT-2026-23829

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...

5.3CVSS5.7AI score0.004EPSS
Exploits1References4
OSV
OSV
added 2026/03/05 12:20 a.m.5 views

GHSA-95V5-PRP4-5GV5 Backstage vulnerable to potential reading of SCM URLs using built in token

Impact A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended...

2.7CVSS5.9AI score0.00348EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/03 2:41 a.m.5 views

CVE-2026-20801

Cleartext Transmission of Sensitive Information CWE-319 in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...

5.6CVSS5.9AI score0.00102EPSS
Exploits0References2
CVE
CVE
added 2026/02/26 2:58 p.m.26 views

CVE-2026-26077

CVE-2026-26077 – Discourse webhook authentication bypass . Affects Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, where several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token whe...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/23 1:24 a.m.3 views

CVE-2026-24494 SQL injection vulnerability in Order Up Online Ordering System

SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted storeid parameter in a POST request...

9.8CVSS5.9AI score0.00364EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.9 views

Online Ordering System 安全漏洞

The Online Ordering System is a multi-store ordering system developed by Janobe’s individual developer. It can be used by any small business. Version 1.0 of the Online Ordering System has a security vulnerability. This vulnerability stems from the API/integrations/getintegrations endpoint, where...

9.8CVSS5.8AI score0.00364EPSS
Exploits0References1
Rows per page
Query Builder