Lucene search
K

8 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-57475

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS0.0034EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57994 phpMyFAQ - Information Disclosure of Inactive FAQ Content via Public API Endpoints

phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...

6.9CVSS0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:17 p.m.11 views

CVE-2026-54307

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to...

9.6CVSS0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/26 3:10 p.m.11 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

5.3CVSS5.9AI score0.00407EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.9 views

phpMyFAQ information leakage vulnerability

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ 4.0.16 and earlier contained an information leakage vulnerability. This vulnerability was caused by insufficient access control, allowing sensitive user information to be exposed through...

7.5CVSS5.8AI score0.00375EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/23 12:0 a.m.5 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

5.3CVSS5.9AI score0.00407EPSS
Exploits0References4
CVE
CVE
added 2026/01/23 12:0 a.m.21 views

CVE-2025-52023

CVE-2025-52023 affects the PHP backend of gemscms.aptsys.com.sg (thru 2025-05-28). The vulnerability allows unauthenticated remote attackers to trigger detailed error messages that reveal internal file paths, code snippets, and stack traces when hitting public API endpoints via crafted HTTP GET/P...

5.3CVSS5.7AI score0.00407EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/23 12:0 a.m.25 views

CVE-2025-52022

A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to publ...

0.00407EPSS
Exploits0References1
Rows per page
Query Builder