Lucene search
K

5293 matches found

CVE
CVE
added 2 days ago9 views

CVE-2026-62327

The vulnerability concerns 9Router up to version 0.4.41. An unauthenticated request to the Next.js API route /api/usage/stats is possible due to missing authentication middleware, leading to exposure of plaintext API keys for all connected AI provider accounts, along with token counts, costs and ...

9.3CVSS6.1AI score0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-62327 9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats

9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit th...

9.3CVSS0.00371EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43251

A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References6
Fedora
Fedora
added 3 days ago10 views

[SECURITY] Fedora 43 Update: upower-1.91.3-2.fc43

UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57577

Name of the Vulnerable Software and Affected Versions Leantime versions prior to 3.8.1 Description An improper authorization issue exists in the API component within the Setting::saveSetting function. This flaw allows a remote attacker to manipulate settings due to insufficient authorization...

6.5CVSS6.7AI score0.00333EPSS
Exploits0References9
CVE
CVE
added 5 days ago10 views

CVE-2026-55516

CVE-2026-55516 affects Snipe-IT prior to 8.6.2. A PATCH/PUT to /api/v1/maintenances/{maintenance_id} first validates access to the maintenance and asset, then accepts attacker-controlled asset_id, allowing an authorized user to re-parent a maintenance record to an asset outside their company scop...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References3Affected Software1
Redos
Redos
added 5 days ago4 views

ROS-20260710-73-0003

The vulnerability of the Go programming language is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to cause service failures...

7.5CVSS6.1AI score0.01945EPSS
Exploits0
RedHat Linux
RedHat Linux
added 6 days ago2 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6.2AI score0.00813EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56765

Name of the Vulnerable Software and Affected Versions HCL DevOps Deploy / HCL Launch affected versions not specified Description HCL DevOps Deploy / HCL Launch may disclose sensitive configurations and secrets to authenticated users through API responses. This information leakage could be leverag...

6.5CVSS6.1AI score0.00379EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week4 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7AI score0.00615EPSS
Exploits0References8
Fedora
Fedora
added 2026/07/05 1:10 a.m.10 views

[SECURITY] Fedora 44 Update: python-streamlink-8.4.0-1.fc44

Streamlink is a command-line utility that pipes video streams from various services into a video player, such as VLC. The main purpose of Streamlink is to allow the user to avoid buggy and CPU heavy flash plugins but still be able to enjoy various streamed content. There is also an API available...

6.5CVSS5.9AI score0.00345EPSS
Exploits1
Fedora
Fedora
added 2026/07/05 12:52 a.m.9 views

[SECURITY] Fedora 43 Update: python-streamlink-8.4.0-1.fc43

Streamlink is a command-line utility that pipes video streams from various services into a video player, such as VLC. The main purpose of Streamlink is to allow the user to avoid buggy and CPU heavy flash plugins but still be able to enjoy various streamed content. There is also an API available...

6.5CVSS5.9AI score0.00345EPSS
Exploits1
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS0.00306EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:50 p.m.6 views

CVE-2026-55113

A malicious actor with access to the network could exploit a Server-Side Request Forgery SSRF vulnerability found in UniFi Talk Application to execute a Denial of Service DoS attack and bypass authentication in certain UniFi Talk API endpoints...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.7 views

CVE-2026-54407

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:49 p.m.14 views

EUVD-2026-41379

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 2:49 p.m.16 views

CVE-2026-54407

The CVE-2026-54407 entry concerns UniFi Protect Application with an Improper Access Control flaw that allows bypassing authentication on certain API endpoints. The vulnerability enables an unauthenticated or improperly authenticated actor with network access to interact with protected UniFi Prote...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/01 4:16 p.m.39 views

CVE-2026-58029

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...

6.5CVSS0.00351EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 4:16 p.m.4 views

UBUNTU-CVE-2026-58027

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

6.5CVSS6.1AI score0.00371EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 3:19 p.m.29 views

CVE-2026-58029

CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder