Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/05/18 2:20 p.m.17 views

Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass

Neotoma versions starting at v0.6.0 can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/18 2:20 p.m.6 views

GHSA-5CVP-P7P4-MCX9 Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass

Neotoma versions starting at v0.6.0 can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/21 7:40 p.m.36 views

CVE-2026-40885 goshs: Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access

goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and th...

7.7CVSS0.00311EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/11 12:24 a.m.14 views

Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges RFC 1918, localhost, or cloud metadata endpoints. This enables...

8.8CVSS5.8AI score0.023EPSS
Exploits1References3Affected Software2
CNNVD
CNNVD
added 2022/07/29 12:0 a.m.5 views

GitLab CE/EE 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE that stems from improper acces...

4.3CVSS5.2AI score0.00731EPSS
Exploits0References5
Rows per page
Query Builder