Lucene search
+L

28 matches found

EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43548

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References3
NVD
NVD
added 4 days ago9 views

CVE-2026-62328

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS0.00371EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-62328

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-62328

Summary: CVE-2026-62328 affects 9Router up to version 0.4.41 and describes an unauthenticated information-disclosure vulnerability exposed via unprotected API endpoints. Attackers can remotely query the request-logs and request-details routes (which lack authentication middleware) to enumerate pa...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-62328 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS0.00371EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

CVE-2026-62328 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS6.1AI score0.01905EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/06 9:22 p.m.8 views

Missing Authorization

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization due to missing authentication checks on several API endpoints, including /api/providers, /api/usage/stats, /api/usage/request-logs, and...

9.8CVSS6.1AI score0.01905EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 9:22 p.m.11 views

GHSA-VJC7-JRH9-9J86 9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats

--- title: Unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats product: 9Router version: = 0.4.41 severity: critical cverequest: true --- Summary Multiple critical API security vulnerabilities were discovered in 9Router's Next.js dashboard. The /api/providers endpoin...

10CVSS6.1AI score0.01905EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:20 p.m.3 views

CVE-2026-8934

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...

6.9CVSS5.9AI score0.00364EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 3:20 p.m.34 views

CVE-2026-8934 Cross-Project Information Leakage in Google App Engine UI

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...

6.9CVSS0.00364EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:9 p.m.6 views

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

3.1CVSS5.8AI score0.00218EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:51 a.m.9 views

CVE-2022-42132

The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, whic...

5.9CVSS6.7AI score0.00466EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-39432

Malicious code in bioql PyPI...

6.2CVSS6.6AI score0.00153EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/27 10:21 a.m.4 views

CVE-2025-30040 Missing authentication in API returning request logs containing session IDs

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...

9CVSS7.1AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/27 10:21 a.m.10 views

CVE-2025-30040 Missing authentication in API returning request logs containing session IDs

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...

9CVSS0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:52 a.m.12 views

CVE-2024-38308

Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output...

8.8CVSS7AI score0.00295EPSS
Exploits0
OSV
OSV
added 2025/01/21 1:15 a.m.5 views

CVE-2024-45091

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...

5.5CVSS5.8AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.5 views

PT-2025-2684 · Ibm · Ibm Urbancode Deploy

Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy UCD versions 7.0 through 7.0.5.24 IBM UrbanCode Deploy UCD versions 7.1 through 7.1.2.10 IBM UrbanCode Deploy UCD versions 7.2 through 7.2.3.13 Description: The issue concerns the storage of potentially sensitive...

6.2CVSS6.2AI score0.00201EPSS
Exploits0References5
NVD
NVD
added 2024/12/06 3:15 p.m.39 views

CVE-2024-42196

HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...

6.2CVSS0.00153EPSS
Exploits0References1
OSV
OSV
added 2024/12/06 3:15 p.m.12 views

CVE-2024-42196

HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...

5.5CVSS5.8AI score0.00153EPSS
Exploits0References1
Rows per page
Query Builder