Lucene search
K

143 matches found

OSV
OSV
added 2026/03/18 5:47 p.m.6 views

CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

5.9CVSS6AI score0.0016EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/18 5:18 a.m.2 views

CVE-2026-32596 Glances exposes the REST API without authentication

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

8.7CVSS5.8AI score0.0155EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 5:18 a.m.2 views

CVE-2026-32596

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

8.7CVSS5.8AI score0.0155EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32632

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5....

5.9CVSS5.2AI score0.0016EPSS
Exploits1References3
OSV
OSV
added 2026/03/11 9:38 p.m.4 views

CVE-2026-32131 ZITADEL Cross-Tenant Information Disclosure in Management API

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

7.7CVSS5.7AI score0.00393EPSS
Exploits0References5
OSV
OSV
added 2026/03/09 8:16 p.m.6 views

DEBIAN-CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

7.5CVSS8.1AI score0.00428EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/05 7:50 p.m.3 views

EUVD-2026-9854

Gogs: Access tokens get exposed through URL params in API requests...

6.9CVSS5.9AI score0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.9 views

PT-2026-22732

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.9 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.11.7 WatchGuard Fireware OS versions 2025.1 through 2026.1.1 Description An Out-of-bounds Write vulnerability exists in WatchGuard...

8.6CVSS6.2AI score0.00765EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2026/02/26 7:53 p.m.6 views

Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Summary A vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Impact Fleet returns configuration da...

6.5CVSS5.5AI score0.00241EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/26 2:54 a.m.24 views

CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

5.3CVSS0.00241EPSS
Exploits0References1
CVE
CVE
added 2026/02/25 9:25 p.m.18 views

CVE-2026-2694

Affected software: The Events Calendar WordPress plugin. Vulnerability: Improper authorization due to inadequate capability checks on can_edit and can_delete, affecting all versions up to and including 6.15.16. Impact: Authenticated users with Contributor-level access and above can update or tras...

5.4CVSS5.4AI score0.00227EPSS
Exploits0References6
Snyk
Snyk
added 2026/02/24 3:26 a.m.4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference when processing a malformed PFCP SessionReportRequest in the process when ReportType.USAR is set to 1 and the UsageReport omits the mandatory URRID sub-IE. An attacker can cause the service to panic and terminat...

8.7CVSS5.9AI score0.00302EPSS
Exploits1References2
OSV
OSV
added 2026/02/11 9:5 p.m.7 views

CVE-2026-26010 Leaky JWTs in OpenMetadata exposing highly-privileged bot users

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References4
NVD
NVD
added 2026/02/06 11:15 p.m.12 views

CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8CVSS0.00364EPSS
Exploits0References2
CVE
CVE
added 2026/02/03 9:26 p.m.14 views

CVE-2026-1341

Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control, allowing an attacker to take full control of the device. The issue, documented across multiple sources (NVD, Red Hat, ENISA EUVD, CVE listing), indicates a network-accessible int...

9.3CVSS5.3AI score0.00494EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/21 12:4 p.m.9 views

EUVD-2026-3683

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

2.7CVSS5.4AI score0.0032EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/21 12:4 p.m.19 views

CVE-2025-14083 Keycloak-server: keycloak: improper access control in admin rest api leads to information disclosure

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

2.7CVSS0.0032EPSS
Exploits0References4
Huntr
Huntr
added 2025/12/27 5:2 p.m.28 views

Job API exposed without authorization

This report is not public...

9.8CVSS5.9AI score0.04392EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/12/17 7:48 p.m.3 views

CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

6.9CVSS6.5AI score0.00731EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/12/17 7:48 p.m.2 views

CVE-2025-34441 AVideo < 20.1 User Information Disclosure via Public API

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

6.9CVSS6.2AI score0.00731EPSS
Exploits2References4
Rows per page
Query Builder