Lucene search
K

88 matches found

EUVD
EUVD
added 2026/06/30 4:1 p.m.10 views

EUVD-2026-40365

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 until 2.7.5 and 3.5.4, a small OpenAPI document containing a circular schema reference can cause proce...

7.5CVSS5.8AI score0.00695EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-438 OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS5.8AI score0.00571EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48887

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

5.4AI score0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:18 p.m.7 views

CVE-2026-46391

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the...

8.7CVSS5.5AI score0.00457EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

open-apis 代码问题漏洞

open-apis is a microservice API within the HAX The Web open-source HAX network component repository. Versions of open-apis from 9.0.1 to 26.0.0 had code-related vulnerabilities. These vulnerabilities stemmed from multiple functions performing substring matching hostname only, which could allow...

8.7CVSS5.3AI score0.00457EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 8:38 p.m.34 views

CVE-2026-45366 typescript-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7CVSS0.00122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Universal Tool Calling Protocol 代码问题漏洞

Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions of Universal Tool Calling Protocol prior to 1.1.2 had code vulnerabilities. These vulnerabilities stemmed from the @utcp/http package’s blind SRFI vulnerability. The registerManual...

4.7CVSS5.9AI score0.00122EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.11 views

RHEL 9 : python3.9 (RHSA-2026:21682)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21682 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.1CVSS6.5AI score0.00579EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

JeecgBoot 授权问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.1 of JeecgBoot contains an authorization vulnerability. This vulnerability stems from an unknown handling of files in the OpenAPI Endpoint component, which may lead to...

6.3CVSS5.8AI score0.00357EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/20 9:48 a.m.11 views

Important: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.1CVSS7.8AI score0.00579EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:12 p.m.8 views

CVE-2026-44661

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

4.7CVSS5.8AI score0.00168EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/11 5:49 p.m.4 views

CVE-2026-43995 Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients node-fetch, axios instead of using the secured wrapper. These tools include 1 OpenAPIToolkit/OpenAPIToolkit.ts, 2...

5.3CVSS5.9AI score0.00396EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.17 views

PT-2026-39567

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPI list create of the component SMF. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informe...

5.3CVSS5.4AI score0.00372EPSS
Exploits1References6
Fedora
Fedora
added 2026/05/10 2:55 a.m.34 views

[SECURITY] Fedora 44 Update: python-pulp-glue-0.37.0-5.fc44

pulp-glue is a library to ease the programmatic communication with the Pulp3 API. It helps to abstract different resource types with so called contexts and allows to build or even provides complex workflows like chunked upload or waiting on tasks. It is built around an openapi3 parser to provide...

5.5CVSS5.8AI score0.00182EPSS
Exploits0
Snyk
Snyk
added 2026/05/07 10:32 p.m.13 views

Server-side Request Forgery (SSRF)

Overview utcp-http is an UTCP communication protocol plugin for HTTP, SSE, and streamable HTTP, plus an OpenAPI converter. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the calltool and calltoolstreaming functions when attacker-controlled URLs from OpenA...

4.7CVSS5.8AI score0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/03 3:0 a.m.18 views

EUVD-2026-26810

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/30 2:47 p.m.15 views

CVE-2026-7306

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

6.3CVSS5.1AI score0.00327EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/28 7:30 p.m.6 views

EUVD-2026-26150

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

6.3CVSS5.1AI score0.00327EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/28 7:30 p.m.32 views

CVE-2026-7306 Xuxueli xxl-job OpenAPI Endpoint OpenApiController.java hard-coded key

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

6.3CVSS0.00327EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.12 views

XXL-JOB 加密问题漏洞

XXL-JOB is a distributed task scheduling platform developed by xuxueli as an individual project. Versions of XXL-JOB 3.3.2 and earlier contained a security vulnerability related to encryption. This vulnerability stemmed from an unknown function parameter in the component’s OpenAPI Endpoint,...

6.3CVSS6.2AI score0.00327EPSS
Exploits0References1
Rows per page
Query Builder