Lucene search
+L

92 matches found

OSV
OSV
added 6 days ago5 views

CVE-2026-62242 Spring Boot Admin Server < 4.1.2 SSRF via Unauthenticated Instance Registration

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

7.7CVSS6.2AI score0.00283EPSS
Exploits0References8
NVD
NVD
added 2026/07/10 9:16 p.m.39 views

CVE-2026-57219

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client secret on RabbitMQ installations configured with management.oauthclientsecret, exposing credentials to unauthenticated callers when the...

8.7CVSS0.00359EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-56623

Name of the Vulnerable Software and Affected Versions Generic OEM UZ801 v2.1 4G LTE Router version 3.4.3 Description A remote attacker can execute arbitrary code through the /ajax web management API endpoint located within the MifiService.apk component. Recommendations At the moment, there is no...

9.8CVSS6.4AI score0.00515EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.32 views

CVE-2026-52200

An issue in Generic OEM UZ801v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk...

0.00515EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 10:16 p.m.15 views

CVE-2026-50200

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the Sanitizer component in the Environment actuator...

7.5CVSS0.00185EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-7502

A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated...

5.5CVSS5.4AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.14 views

CVE-2026-10236

A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint. Such manipulation leads to improper authorization. The attack may be launched remotely...

7.5CVSS6.7AI score0.00371EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.13 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from a broadcast event that allows malware to overwrite the device’s default mobile device management endpoint address, potentially...

9.3CVSS5.3AI score0.00098EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:30 a.m.10 views

CVE-2026-10236

A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint. Such manipulation leads to improper authorization. The attack may be launched remotely...

7.5CVSS6.7AI score0.00371EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

SourceCodester Water Billing Management System 授权问题漏洞

The SourceCodester Water Billing Management System is an open-source water billing management system developed by SourceCodester. Version 1.0 of the SourceCodester Water Billing Management System has a vulnerability related to authorization issues. This vulnerability stems from a problem with the...

7.5CVSS7.3AI score0.00371EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.22 views

PT-2026-45346

Name of the Vulnerable Software and Affected Versions SourceCodester Water Billing Management System version 1.0 Description Improper authorization occurs due to the processing of the '/classes/Users.php?f=save' endpoint within the User Management Endpoint component. This issue allows a remote...

7.5CVSS7.1AI score0.00371EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/29 2:46 p.m.14 views

EUVD-2018-21919

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...

6.9CVSS5.7AI score0.00162EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/26 10:48 p.m.6 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade github.com/fleetdm/fleet/v4/pkg/mdm/mdmtest ...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/26 10:48 p.m.8 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/26 10:48 p.m.7 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade github.com/fleetdm/fleet/v4/server/service t...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/26 10:48 p.m.8 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade github.com/fleetdm/fleet/server/service to...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References3
OSV
OSV
added 2026/05/26 10:48 p.m.11 views

GO-2026-5002 Windows MDM management endpoint authentication bypass in github.com/fleetdm/fleet/v4

Windows MDM management endpoint authentication bypass in github.com/fleetdm/fleet/v4...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 6:48 p.m.15 views

EUVD-2026-30368

Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/04/30 10:16 p.m.6 views

CVE-2026-7502

A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated...

5.5CVSS0.00255EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/30 9:15 p.m.3 views

CVE-2026-7502 LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization

A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated...

5.5CVSS5.6AI score0.00255EPSS
Exploits0References7
Rows per page
Query Builder