Lucene search
K

86 matches found

RedhatCVE
RedhatCVE
added 2025/12/29 10:38 a.m.5 views

CVE-2025-15132

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2apiopen of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has...

8.8CVSS7AI score0.06692EPSS
Exploits1References1
Veracode
Veracode
added 2025/12/13 4:38 a.m.7 views

Missing Authorization

PowerJob is vulnerable to Missing Authorization. The vulnerability is due to insufficient authorization checks in the /openApi/runJob endpoint of OpenAPIController, allowing remote attackers to invoke job execution without proper authentication or authorization...

7.5CVSS6.3AI score0.00426EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/11/29 2:15 a.m.10 views

CVE-2025-66201

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

8.6CVSS0.00255EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/29 1:26 a.m.3 views

CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

8.6CVSS6.3AI score0.00255EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/29 12:0 a.m.10 views

PT-2025-48355

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.1-rc2 Description LibreChat, a ChatGPT clone with additional features, contains a Server-side Request Forgery SSRF issue in its "Actions" feature. An authenticated user with access to this feature can exploit th...

8.6CVSS6.5AI score0.00255EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2025/11/27 3:49 p.m.7 views

@medusajs/inventory (>=1.1.0-20230320210331 <=1.1.0-snapshot-20230320172940), @medusajs/medusa-oas-cli (>=0.2.0-20230320210331 <=2.11.4-preview-20251124000311) +2 more potentially affected by unknown CVE via @medusajs/medusa (>=2.0.0-next-20230310121604 <=2.11.4-preview-20251124000311)

@medusajs/medusa NPM version =2.0.0-next-20230310121604, =1.1.0-20230320210331, =0.2.0-20230320210331, =0.0.6, =0.0.2, =0.0.4 Source cves: unknown CVE Source advisory: SNYK:JS-MEDUSAJSMEDUSA-14137960...

5.8AI score
Exploits0
Snyk
Snyk
added 2025/10/23 3:30 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to improper access control to OpenAPI. An attacker can retrieve sensitive OpenAPI YAML files by sending a specially crafted URL. Remediation Upgrade com.liferay:com.liferay.portal.security.auth.verifier to...

6.9CVSS6.7AI score0.00384EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/23 1:41 p.m.4 views

EUVD-2025-35684

Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...

6.9CVSS6.3AI score0.00384EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.6 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.9CVSS6.4AI score0.00384EPSS
Exploits0References1
CVE
CVE
added 2025/10/10 7:2 p.m.14 views

CVE-2025-11581

PowerJob (up to version 5.1.2) contains a security vulnerability in the OpenAPIController’s /openApi/runJob endpoint. The issue is due to missing authorization in that code path, allowing a remote attacker to manipulate the request without authentication. Multiple connected sources (NVD, Red Hat ...

7.5CVSS6.6AI score0.00426EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-0659

Malware in sbrugna...

8.8CVSS8.6AI score0.01705EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-32396

Malicious code in bioql PyPI...

6.5CVSS6.1AI score0.00379EPSS
Exploits0References2
Akamai Blog
Akamai Blog
added 2025/08/19 10:20 a.m.5 views

OpenAPI Documentation for Spin Apps with Rust

Learn how to create, customize, and serve OpenAPI Documentation from within Spin apps written in Rust...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:19 a.m.3 views

CVE-2023-23619

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...

9.9CVSS9AI score0.01064EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:35 a.m.30 views

CVE-2023-23857

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services...

9.9CVSS6.7AI score0.00544EPSS
Exploits0References1
OSV
OSV
added 2025/03/19 6:53 p.m.7 views

DRUPAL-CONTRIB-2025-025

This module can be used to render Open API Documentation using the RapiDoc library. The module provides a custom formatter for link fields. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal cor...

6.1CVSS6.3AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.9 views

PT-2024-5072 · Nozomi · Nozomi Central Management Console +1

Name of the Vulnerable Software and Affected Versions: Nozomi Guardian and Nozomi Central Management Console CMC affected versions not specified OpenAPI affected versions not specified Description: The issue is related to insufficient protection of audit records for OpenAPI requests, which may...

9CVSS6.8AI score0.0057EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.3 views

Nozomi Networks Guardian/CMC 安全漏洞

Nozomi Networks Guardian/CMC is a centralized management console from Nozomi Networks, USA. A security vulnerability exists in Nozomi Networks Guardian/CMC versions prior to v23.4.1 that stems from an audit log of an OpenAPI request that may contain sensitive information, which could lead to...

7.5CVSS6.5AI score0.0057EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/20 12:0 a.m.4 views

PT-2023-23343 · Steelseries · Steelseries Gg

Name of the Vulnerable Software and Affected Versions: SteelSeries GG version 36.0.0 Description: The issue allows attackers to exploit an open API listener to create a sub-application that will be executed automatically from a controlled location, due to a path traversal vulnerability...

7.5CVSS7.5AI score0.00828EPSS
Exploits1References4
OSV
OSV
added 2023/06/28 3:15 p.m.3 views

CVE-2023-20136

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...

6.5CVSS5.9AI score0.00517EPSS
Exploits0References1
Rows per page
Query Builder