Lucene search
+L

28 matches found

nuclei
nuclei
added 13 hours ago26 views

WordPress AI Engine Plugin - Token Exposure

Unauthenticated sensitive information exposure in AI Engine WordPress plugin = 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled. id: CVE-2025-11749 info: name: WordPress AI Engine Plugin - Token Exposure author: 4m3rr0r severity: critical description: | Unauthenticat...

9.8CVSS7AI score0.75063EPSS
Exploits5References2
redhatcve
redhatcve
added 6 days ago8 views

CVE-2026-58207

A flaw was found in NATS Server. A client with the ability to send account-scoped connection monitoring requests could crash the server. This is achieved by providing pagination offset and limit values that cause an arithmetic overflow, leading to a Denial of Service DoS. Mitigation Upstream...

7.7CVSS6AI score0.0056EPSS
Exploits0References8
snyk
snyk
added 2026/07/08 10:38 p.m.5 views

Improper Authentication

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies a...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 10:38 p.m.5 views

Improper Authentication

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies ...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 9:16 p.m.8 views

CVE-2026-58211

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS0.00292EPSS
Exploits0References1
osv
osv
added 2026/07/08 7:43 p.m.4 views

CVE-2026-58253 NATS Server: Route API Auth Bypass

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when noauthuser was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.6 views

PT-2026-56583

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description A flaw exists where a client can be registered as the configured no auth user via a parser path triggered when the initial client operation is not CONNECT...

5.4CVSS6.1AI score0.00292EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/06/05 7:50 p.m.11 views

CVE-2026-7113

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument INSECURENOAUTH results in missing authentication. The attack can be...

6.3CVSS5.3AI score0.00362EPSS
Exploits0References1
vulncheck_kev
vulncheck_kev
added 2026/05/13 12:0 a.m.44 views

VulnCheck KEV: CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.8AI score0.34734EPSS
In wildExploits1References21
ptsecurity
ptsecurity
added 2026/04/27 12:0 a.m.11 views

PT-2026-35395

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent version 0.8.0 Description A flaw in the Webhooks Endpoint component, specifically within the gateway/platforms/webhook.py file, allows for missing authentication. This occurs through the manipulation of the INSECURE N...

6.3CVSS6AI score0.00362EPSS
Exploits0References12
nvd
nvd
added 2026/04/23 12:16 a.m.5 views

CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS0.34734EPSS
Exploits1References6
cvelist
cvelist
added 2026/04/22 11:57 p.m.279 views

CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.2CVSS0.34734EPSS
Exploits1References3
github
github
added 2026/04/22 2:44 p.m.10 views

Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Summary The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. An unauthenticated attacker can set rc.NoAuth=true, which disables the authorization gate for many RC methods registered with...

9.8CVSS6.2AI score0.34734EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/04/04 6:33 a.m.17 views

GHSA-CQFX-GF56-8X59 libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers

Summary found that libp2p-rendezvous server has no limit on how many namespaces a single peer can register. a malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. keep doing...

7.5CVSS5.5AI score0.00395EPSS
Exploits1References3
github
github
added 2026/03/25 5:30 p.m.9 views

@grackle-ai/powerline Runs Without Authentication by Default

Impact When --token is not provided and GRACKLEPOWERLINETOKEN is not set, the PowerLine gRPC server runs with zero authentication. A warning is logged "NO AUTH development only" but nothing prevents deployment in this state. Any client that can reach the PowerLine port can spawn agent sessions,...

5.9AI score
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2026/02/09 9:46 p.m.5 views

CVE-2026-25807 Unauthenticated Remote Code Execution via P2P Sharing in ZAI-Shell

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

8.8CVSS6AI score0.0064EPSS
Exploits2References3
redhatcve
redhatcve
added 2026/01/09 9:28 a.m.9 views

CVE-2023-49805

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket with Socket.io, but it does not verify that the source of communication is valid. This allows third-party website to access the application on behalf of their client. When connecting...

8.8CVSS6.7AI score0.00376EPSS
Exploits1References1
nvd
nvd
added 2025/11/05 6:15 a.m.26 views

CVE-2025-11749

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract th...

9.8CVSS0.75063EPSS
Exploits5References3
cvelist
cvelist
added 2025/11/05 5:31 a.m.20 views

CVE-2025-11749 AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract th...

9.8CVSS0.75063EPSS
Exploits5References3
cve
cve
added 2025/11/05 5:31 a.m.60 views

CVE-2025-11749

The WordPress AI Engine plugin (≤ 3.1.3) is vulnerable to unauthenticated sensitive information exposure via the REST API endpoints under /mcp/v1/ when No-Auth URL is enabled. This allows attackers to retrieve the Bearer Token, enabling session hijacking and actions such as creating an administra...

9.8CVSS6AI score0.75063EPSS
In wildExploits5References3
Rows per page
Query Builder