Lucene search
+L

1338 matches found

Nuclei
Nuclei
added 14 hours ago20 views

MLflow < 3.10.0 - Authentication Bypass on FastAPI Routes

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS8.1AI score0.01502EPSS
Exploits1References2
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-48014 Shopware: Admin API ACL Bypass in Order State Transition Endpoints

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/action/order/orderId/state/transition and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare...

6.5CVSS0.00233EPSS
Exploits0References5
NVD
NVD
added 2 days ago11 views

CVE-2026-62227

OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach network destinations that should have been blocked...

7.7CVSS0.00241EPSS
Exploits0References2
CVE
CVE
added 2 days ago14 views

CVE-2026-62227

OpenClaw 2026.4.14 before 2026.5.26 is affected by a server-side request forgery (SSRF) in browser snapshot routes. The root cause is failure to validate post-navigation destinations, allowing attackers with lower-trust access to bypass policy checks and reach network destinations that should be ...

7.7CVSS6.1AI score0.00241EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-45115

OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach network destinations that should have been blocked...

7.7CVSS6.1AI score0.00241EPSS
Exploits0References2
CVE
CVE
added 3 days ago7 views

CVE-2026-61718

Bunkerweb (WAF) exposes a vulnerability in versions 1.6.2–1.6.12 where the BiscuitMiddleware authorization bypass for the /cache/ routes allowed low-privilege read-only users to delete job cache files. Specifically, routes in src/ui/app/routes/cache.py were only protected by @login_required despi...

5.4CVSS6.1AI score0.00306EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-61718 bunkerweb: Read-only Web UI users can delete job cache files due to missing authorization on /cache/ routes

bunkerweb is an Open-source and next-generation Web Application Firewall WAF. From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefix, so routes in src/ui/app/routes/cache.py protected only by @loginrequired, including POST...

5.4CVSS5.3AI score0.00306EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago761 views

aiohttp - Directory Traversal

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.8AI score0.76875EPSS
Exploits15References3
NVD
NVD
added 4 days ago8 views

CVE-2026-56679

9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user to set security-critical fields such as requireLogin and disable authentication for the whole...

8.7CVSS0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-62312 9Router: Authenticated RCE via Unvalidated MCP Plugin Arguments

9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to childprocess.spawn, allowing...

8.8CVSS0.00719EPSS
Exploits0References3
CVE
CVE
added 4 days ago6 views

CVE-2026-56679

9Router (AI router & token saver) contains a mass-assignment vulnerability in PATCH /api/settings prior to version 0.5.4. The endpoint writes the entire request body to persistent settings without a field whitelist, enabling an authenticated user to modify security-critical fields such as require...

8.7CVSS6.1AI score0.00324EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

CVE-2026-56679 9Router: Mass assignment in PATCH /api/settings allows authenticated authorization downgrade

9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user to set security-critical fields such as requireLogin and disable authentication for the whole...

8.7CVSS6.1AI score0.00324EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-46339 9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

9Router is an AI router & token saver. From 0.4.30 until 0.4.37, 9Router's src/proxy.js middleware did not protect /api/cli-tools/ and /api/mcp/, allowing unauthenticated registration of customPlugins through src/app/api/cli-tools/cowork-settings/route.js and command execution through the MCP...

10CVSS0.04572EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

CVE-2026-46339 9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

9Router is an AI router & token saver. From 0.4.30 until 0.4.37, 9Router's src/proxy.js middleware did not protect /api/cli-tools/ and /api/mcp/, allowing unauthenticated registration of customPlugins through src/app/api/cli-tools/cowork-settings/route.js and command execution through the MCP...

10CVSS6.2AI score0.04572EPSS
Exploits0References4
CVE
CVE
added 4 days ago38 views

CVE-2026-46339

Summary: CVE-2026-46339 affects 9Router, where middleware did not protect /api/cli-tools/* and /api/mcp/* until a fix in 0.4.37. Connected sources describe unauthenticated registration of custom MCP plugins via /api/cli-tools/cowork-settings and command execution through the MCP bridge, enabling ...

10CVSS6.2AI score0.04572EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-44773

Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant...

5.9CVSS6.1AI score0.00171EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago12 views

PT-2026-60306

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.5.2 Description A remote authenticated attacker can achieve arbitrary code execution on the host operating system. This is possible by combining a Host header bypass of localhost-only routes with unvalidated MCP...

8.8CVSS6.5AI score0.00719EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-60281

Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant...

5.9CVSS6.1AI score0.00171EPSS
Exploits0References9
NVD
NVD
added 5 days ago4 views

CVE-2026-48489

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, DefaultAuthenticationFailureHandler honored the request-supplied failurepath parameter when failureforward: true was enabled, allowing an unauthenticated...

8.7CVSS0.00465EPSS
Exploits0References5
NVD
NVD
added 5 days ago5 views

CVE-2026-45075

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped IsGranted, IsSignatureValid, and IsCsrfTokenValid attributes can be configured for GET only, but Symfony routes HEAD requests to the GET handler while the...

8.3CVSS0.00382EPSS
Exploits0References3
Rows per page
Query Builder