Lucene search
K

6 matches found

OSV
OSV
added last week4 views

CVE-2026-58253 NATS Server: Route API Auth Bypass

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when noauthuser was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References9
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

9.9CVSS0.0082EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.25 views

PT-2026-41194

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description An authorization issue allows any authenticated user with low privileges to enumerate active background tasks across the system and stop tasks belonging to other users. This occurs because the...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.18 views

PT-2026-41207

Name of the Vulnerable Software and Affected Versions flowise versions prior to 3.1.2 Description The endpoint "/api/v1/node-custom-function" lacks route-level authorization, allowing any authenticated user or holder of a valid API key to submit arbitrary JavaScript via the javascriptFunction...

9.9CVSS6.5AI score0.0082EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.36 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

0.00231EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/11/11 12:0 a.m.6 views

Cloudflare OctoRPKI 输入验证错误漏洞

Cloudflare OctoRPKI is an RPKI toolkit for the Cloudflare platform from cloudflare USA. Cloudflare OctoRPKI suffers from an input validation error vulnerability that stems from OctoRPKI crashing when it encounters a repository that returns an invalid ROA, which is just an encoded NUL character...

7.5CVSS7.2AI score0.01255EPSS
Exploits0References6
Rows per page
Query Builder