Lucene search
+L

454 matches found

euvd
euvd
added 5 days ago7 views

EUVD-2026-43090

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

6.1AI score0.00392EPSS
Exploits0References2
nvd
nvd
added 6 days ago6 views

CVE-2026-15087

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

5.9CVSS0.00392EPSS
Exploits0References1
cve
cve
added 6 days ago8 views

CVE-2026-15087

CVE-2026-15087 concerns Drupal Clean RESTful. Connected PT-2026-56667 confirms affected versions are Drupal Clean RESTful versions *, i.e., all versions, but details on the exact vulnerability, root cause, exploitability, or fixes are not provided in the connected documents. The related Drupal SA...

5.9CVSS6.1AI score0.00392EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago33 views

CVE-2026-15087 Clean RESTful - Critical - Unsupported - SA-CONTRIB-2026-078

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

0.00392EPSS
Exploits0References1
drupal
drupal
added 2026/07/08 12:0 a.m.5 views

Clean RESTful - Critical - Unsupported - SA-CONTRIB-2026-078

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.9CVSS5.9AI score0.00392EPSS
Exploits0References2
osv
osv
added 2026/06/25 10:34 p.m.4 views

GO-2026-5515 Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery in github.com/dhax/go-base

Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery in github.com/dhax/go-base...

5.8AI score0.00055EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/23 12:12 p.m.38 views

CVE-2026-56248 Capgo - Unauthenticated Denial-of-Service via audit_logs RLS Policy

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS0.00359EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/12 8:55 p.m.36 views

CVE-2026-54397 MISP event editing allows unauthorized assignment to undisclosed sharing groups

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharinggroupid to a sharing group they were not authorized to use. When distribution was set to sharing group distribution, the...

6.1CVSS0.00226EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in golang-github-emicklei-go-restful

Authorization bypass through user-controlled keys in the GitHub repository in the emicklei/go-restful library, prior to version 3.8.0...

9.3CVSS7.4AI score0.02737EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/05/06 5:10 p.m.8 views

CVE-2026-20219

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References2Affected Software1
susecve
susecve
added 2026/03/28 12:26 a.m.5 views

SUSE CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

6.9CVSS5.8AI score0.00282EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/03/25 12:0 a.m.10 views

N2W 安全漏洞

N2W is a data backup and recovery software developed by N2W Corporation. Versions of N2W prior to 4.4.0 contained security vulnerabilities. These vulnerabilities stemmed from a two-step attack targeting RESTful APIs, which could lead to remote code execution...

9CVSS6.2AI score0.00339EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/25 12:0 a.m.3 views

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

6.1AI score0.00339EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/25 12:0 a.m.6 views

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

6.1AI score0.00339EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/25 12:0 a.m.25 views

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

0.00339EPSS
Exploits0References2
cve
cve
added 2026/03/25 12:0 a.m.16 views

CVE-2025-32991

N2WS Backup & Recovery (before 4.4.0) is affected by a two‑step attack against its RESTful API that leads to remote code execution. The available documents describe the vulnerability at a high level without detailing exploit vectors, affected modules, or versions beyond the 4.4.0 threshold. No re...

9CVSS6.1AI score0.00339EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/03/10 1:18 a.m.3 views

GHSA-XV8G-FJ9H-6GMV Linkdave Missing Authentication on REST and WebSocket endpoints

The linkdave server does not enforce authentication on its REST and WebSocket routes in versions prior to 0.1.5. Impact An attacker with network access to the server port can: - Connect to the WebSocket endpoint /ws and receive a valid sessionid in the OpReady response. - Use that session to invo...

9.3CVSS5.8AI score
Exploits0References3
osv
osv
added 2026/03/09 7:50 p.m.2 views

GHSA-GH4X-F7CQ-WWX6 Glances Exposes Unauthenticated Configuration Secrets

Summary The /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT...

8.7CVSS5.8AI score0.01657EPSS
Exploits1References5
osv
osv
added 2026/02/17 6:9 p.m.11 views

GO-2026-4481 Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise in github.com/milvus-io/milvus

Milvus: Unauthenticated Access to Restful API on Metrics Port 9091 Leads to Critical System Compromise in github.com/milvus-io/milvus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

9.8CVSS5.6AI score0.34346EPSS
Exploits1References3
osv
osv
added 2026/01/30 3:55 p.m.11 views

CLEANSTART-2026-HV28992 Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3

Multiple security vulnerabilities affect the cert-manager-webhook-pdns-fips package. Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3. See references for individual vulnerability details...

9.8CVSS8.8AI score0.99999EPSS
Exploits22References23
Rows per page
Query Builder