Lucene search
K

38 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-43548

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References3
NVD
NVD
added 2 days ago9 views

CVE-2026-62328

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-62328 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS0.00371EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-62328

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/06 9:22 p.m.4 views

Missing Authorization

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization due to missing authentication checks on several API endpoints, including /api/providers, /api/usage/stats, /api/usage/request-logs, and...

9.8CVSS6AI score0.00521EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 9:22 p.m.10 views

GHSA-VJC7-JRH9-9J86 9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats

--- title: Unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats product: 9Router version: = 0.4.41 severity: critical cverequest: true --- Summary Multiple critical API security vulnerabilities were discovered in 9Router's Next.js dashboard. The /api/providers endpoin...

10CVSS6.1AI score0.00521EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS0.00168EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4646

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

4.3CVSS5.4AI score0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 10:25 a.m.31 views

CVE-2026-4646

Mattermost has an input-validation flaw in the API request handlers used by the PR details endpoint. Affected versions are 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x

4.3CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/05 4:42 p.m.33 views

CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS0.00255EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-27406

Malware in sbrugna...

5.4CVSS5.6AI score0.00627EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-16555

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00279EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28904

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00309EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-28898

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00193EPSS
Exploits0References2
OSV
OSV
added 2025/09/11 12:15 p.m.7 views

CVE-2025-40695

Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'remark', 'status' and 'takeaction' parameters via POST at the endpoint '/ofrs/admin/request-details.php'. This...

5.4CVSS5.9AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2025/09/11 12:15 p.m.6 views

CVE-2025-40689

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.php'...

9.8CVSS0.00309EPSS
Exploits0References1
OSV
OSV
added 2025/09/11 12:15 p.m.5 views

CVE-2025-40689

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.php'...

9.8CVSS5.9AI score0.00309EPSS
Exploits0References1
CVE
CVE
added 2025/09/11 11:46 a.m.25 views

CVE-2025-40695

The CVE-2025-40695 affects the Online Fire Reporting System (OFRS) v1.2. A stored XSS exists in the /ofrs/admin/request-details.php endpoint due to insufficient validation of POST parameters remark, status, and takeaction. This authenticated vulnerability could allow a remote attacker to inject s...

5.4CVSS5.1AI score0.00193EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/11 11:21 a.m.2 views

CVE-2025-40689 SQL injection in PHPGurukul Online Fire Reporting System

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.php'...

9.3CVSS7.5AI score0.00309EPSS
Exploits0References1
Rows per page
Query Builder