
243 matches found

CVE
added 2026/03/25 8:10 p.m. | 24 views

CVE-2026-33222

NATS-Server (JetStream) contains an authorization bypass via the JetStream management API: users with JetStream admin API access to restore one stream could restore to other stream names, risking data overwrite across streams. Affected versions are prior to 2.11.15 and 2.12.6. The fixed releases ...

CVSS 4.9 | AI score 5.8 | EPSS 0.00306
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/25 4:8 p.m. | 19 views

CVE-2026-20114

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because...

CVSS 5.4 | EPSS 0.00284
Exploits: 0 | References: 1
CNNVD
added 2026/03/25 12:0 a.m. | 6 views

Cisco IOS XE Software Security Vulnerability

Cisco IOS XE Software is a network operating system developed by the American company Cisco. There is a security vulnerability in Cisco IOS XE Software, which stems from insufficient validation of API endpoint parameters. This vulnerability could allow authenticated remote attackers to gain...

CVSS 5.4 | AI score 7.5 | EPSS 0.00284
Exploits: 0 | References: 3
EUVD
added 2026/03/11 9:38 p.m. | 2 views

EUVD-2026-11410

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

CVSS 7.7 | AI score 5.7 | EPSS 0.00393
Exploits: 0 | References: 3
CVE
added 2026/03/11 9:38 p.m. | 11 views

CVE-2026-32131

CVE-2026-32131 affects Zitadel's Management API prior to versions 3.4.8 and 4.12.2. An authenticated user with a low-privilege token (e.g., project.read, project.grant.read, or project.app.read) could retrieve management-plane information for other organizations by specifying a different tenant’s...

CVSS 7.7 | AI score 5.7 | EPSS 0.00393
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/03/11 12:0 a.m. | 5 views

PT-2026-24854

🚨 CVE-2026-32131 ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to...

CVSS 7.7 | AI score 5.7 | EPSS 0.00393
Exploits: 0 | References: 8
CNNVD
added 2026/03/11 12:0 a.m. | 6 views

ZITADEL Security Vulnerability

ZITADEL is an open-source identity and access management platform developed by ZITADEL in Switzerland. Versions of ZITADEL prior to 3.4.8 and 4.12.2 contained security vulnerabilities. These vulnerabilities were due to access control issues in the Management API, which could allow verified users...

CVSS 7.7 | AI score 5.8 | EPSS 0.00393
Exploits: 0 | References: 3
CVE
added 2026/02/27 9:1 p.m. | 12 views

CVE-2026-28352

CVE-2026-28352 affects Indico (event management system) prior to 3.3.11. The vulnerability is a missing access check in the API endpoint that manages event series, enabling unauthenticated/unauthorized access to metadata (title, category chain, start/end date) for events in an existing series, a...

CVSS 6.5 | AI score 5.9 | EPSS 0.00264
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/02/24 12:0 a.m. | 8 views

Caddy Cross-Site Request Forgery Vulnerability

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the local Caddy management API accepting cross-domain requests when source forcing was n...

CVSS 8.2 | AI score 5.7 | EPSS 0.00166
Exploits: 1 | References: 4
OSV
added 2026/02/17 9:22 p.m. | 3 views

CVE-2026-23596

A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability...

CVSS 6.5 | AI score 5.8 | EPSS 0.00242
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/17 8:46 p.m. | 5 views

CVE-2026-23596

A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability...

CVSS 6.5 | AI score 5.7 | EPSS 0.00242
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/02/17 12:0 a.m. | 8 views

HPE Aruba Networking Private 5G Core Security Vulnerability

HPE Aruba Networking Private 5G Core is a 5G core component developed by the American company HPE. There is a security vulnerability present in HPE Aruba Networking Private 5G Core, which stems from a flaw in the management API. This vulnerability could allow unverified remote attackers to trigge...

CVSS 6.5 | AI score 5.8 | EPSS 0.00242
Exploits: 0 | References: 1
NVD
added 2026/02/11 6:16 p.m. | 6 views

CVE-2025-65128

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "nocommit" and supplying the...

CVSS 8.1 | EPSS 0.00263
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/11 12:0 a.m. | 7 views

PT-2026-7623

Name of the Vulnerable Software and Affected Versions: Shenzhen Zhibotong Electronics ZBT WE2001 version 23.09.27. Description: A flaw exists in the web management API components that allows unauthenticated attackers on the local network to modify router and network configurations. Attackers can...

AI score 5.4 | EPSS 0.00263
Exploits: 0 | References: 5
Cvelist
added 2026/02/11 12:0 a.m. | 24 views

CVE-2025-65128

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "nocommit" and supplying the...

EPSS 0.00263
Exploits: 0 | References: 2
CNNVD
added 2026/01/28 12:0 a.m. | 5 views

Tildeslash M/Monit Security Vulnerability

Tildeslash M/Monit is a server monitoring and management tool developed by Tildeslash Inc. Version 3.7.4 of Tildeslash M/Monit contains a security vulnerability. This vulnerability stems from an authentication flaw in the management API endpoints, which could lead to the retrieval of user passwor...

CVSS 7.1 | AI score 5.8 | EPSS 0.0042
Exploits: 1 | References: 3
Wolfi
added 2026/01/26 1:54 p.m. | 4 views

GHSA-QQPG-MVQG-649V vulnerabilities

Vulnerabilities for packages: keycloak-config-cli, management-api-for-apache-cassandra-5.0, akhq, cassandra, nextflow, cassandra-reaper, apache-nifi-registry, zookeeper, kserve-modelmesh, dependency-track, sonarqube, trino, sonar-scanner-cli, apache-nifi...

AI score 5.8
Exploits: 0
Wolfi
added 2026/01/26 1:54 p.m. | 7 views

CVE-2026-1225 vulnerabilities

Vulnerabilities for packages: keycloak-config-cli, management-api-for-apache-cassandra-5.0, akhq, cassandra, nextflow, cassandra-reaper, apache-nifi-registry, zookeeper, kserve-modelmesh, dependency-track, sonarqube, trino, sonar-scanner-cli, apache-nifi...

CVSS 1.8 | AI score 6.4 | EPSS 0.00159
Exploits: 0
Chainguard
added 2026/01/26 1:17 p.m. | 10 views

GHSA-QQPG-MVQG-649V vulnerabilities

Vulnerabilities for packages: trino, sonarqube, knative-kafka-broker, localstack, akhq, cassandra, zookeeper, zookeeper-fips, keycloak-config-cli, apache-nifi, apache-nifi-registry, nacos, nacos-docker, sonar-scanner-cli, kafbat-ui, management-api-for-apache-cassandra-4.0, kserve-modelmesh,...

AI score 5.8
Exploits: 0
Chainguard
added 2026/01/26 1:17 p.m. | 9 views

CVE-2026-1225 vulnerabilities

Vulnerabilities for packages: trino, sonarqube, knative-kafka-broker, localstack, akhq, cassandra, zookeeper, zookeeper-fips, keycloak-config-cli, apache-nifi, apache-nifi-registry, nacos, nacos-docker, sonar-scanner-cli, kafbat-ui, management-api-for-apache-cassandra-4.0, kserve-modelmesh,...

CVSS 1.8 | AI score 6.4 | EPSS 0.00159
Exploits: 0