28 matches found
EUVD-2026-43548
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
CVE-2026-62328
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
CVE-2026-62328
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
CVE-2026-62328
Summary: CVE-2026-62328 affects 9Router up to version 0.4.41 and describes an unauthenticated information-disclosure vulnerability exposed via unprotected API endpoints. Attackers can remotely query the request-logs and request-details routes (which lack authentication middleware) to enumerate pa...
CVE-2026-62328 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
CVE-2026-62328 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
Missing Authorization
Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization due to missing authentication checks on several API endpoints, including /api/providers, /api/usage/stats, /api/usage/request-logs, and...
GHSA-VJC7-JRH9-9J86 9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats
--- title: Unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats product: 9Router version: = 0.4.41 severity: critical cverequest: true --- Summary Multiple critical API security vulnerabilities were discovered in 9Router's Next.js dashboard. The /api/providers endpoin...
CVE-2026-8934
A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...
CVE-2026-8934 Cross-Project Information Leakage in Google App Engine UI
A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...
CVE-2026-45739
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...
CVE-2022-42132
The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, whic...
EUVD-2024-39432
Malicious code in bioql PyPI...
CVE-2025-30040 Missing authentication in API returning request logs containing session IDs
The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...
CVE-2025-30040 Missing authentication in API returning request logs containing session IDs
The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...
CVE-2024-38308
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output...
CVE-2024-45091
IBM UrbanCode Deploy UCD 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...
PT-2025-2684 · Ibm · Ibm Urbancode Deploy
Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy UCD versions 7.0 through 7.0.5.24 IBM UrbanCode Deploy UCD versions 7.1 through 7.1.2.10 IBM UrbanCode Deploy UCD versions 7.2 through 7.2.3.13 Description: The issue concerns the storage of potentially sensitive...
CVE-2024-42196
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...
CVE-2024-42196
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...