Lucene search
K

62 matches found

Nuclei
Nuclei
added yesterday247 views

Argo CD Unauthenticated Access to sensitive setting

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. id: CVE-2024-37152 info: name: Ar...

7.5CVSS6.5AI score0.02348EPSS
Exploits0References2
CVE
CVE
added 2 days ago3 views

CVE-2026-58477

SIP (Sustainable Irrigation Platform) up to version 5.2.16 contains a mass assignment flaw where the value-setting interface copies every HTTP parameter into internal settings without whitelisting. This enables unauthenticated attackers to overwrite sensitive configuration such as the passphrase ...

8.8CVSS6.1AI score0.00357EPSS
Exploits2References2Affected Software1
NVD
NVD
added last week6 views

CVE-2026-59222

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6.5CVSS0.00265EPSS
Exploits1References3
EUVD
EUVD
added last week7 views

EUVD-2026-42631

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6CVSS5.9AI score0.00265EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-59222

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6CVSS5.9AI score0.00265EPSS
Exploits1References4Affected Software1
OSV
OSV
added last week4 views

CVE-2026-59222 Open WebUI: /api/v1/channels/{id}/members exposes full user model including sensitive credentials

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6CVSS6.1AI score0.00265EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from permission escalation vulnerabilities, allowing authenticated operators with write permissions to acces...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References1
CVE
CVE
added 2026/02/06 11:14 p.m.14 views

CVE-2020-37146

CVE-2020-37146 affects ACE Security WiP-90113 HD Camera. A configuration disclosure vulnerability allows unauthenticated attackers to retrieve sensitive configuration files by sending a GET request to /config_backup.bin, exposing credentials and system settings. Exploitation context and impact ar...

8.7CVSS5.4AI score0.00414EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.3 views

Next.js Configuration File Detected

Next.js is a popular React framework for building web applications. By default, Next.js applications may include a configuration file named next.config.js, which contains various settings and options for the application. If this configuration file is accessible via the web server, it can expose...

6.6AI score
Exploits0References1
Cvelist
Cvelist
added 2025/12/04 3:5 p.m.29 views

CVE-2025-2848

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions...

6.3CVSS0.00389EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/01 6:46 a.m.2 views

Incorrect Permission Assignment for Critical Resource

Overview snowflake-connector-python is a Snowflake Connector for Python Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the ConfigManager.readconfig path in configmanager.py. An attacker can modify sensitive settings stored in the...

5.1CVSS6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-2310

Malware in sbrugna...

6.5CVSS6.6AI score0.02167EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-46419

Malicious code in bioql PyPI...

7.1CVSS4.7AI score0.00185EPSS
Exploits0References1
CNVD
CNVD
added 2025/08/01 12:0 a.m.2 views

Apple macOS Access Control Error Vulnerability (CNVD-2025-18439)

Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS suffers from a security vulnerability that stems from insufficient user consent prompts, which can be exploited by attackers to potentially bypass sensitive settings...

9.8CVSS6.5AI score0.00689EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.5 views

Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS suffers from a security vulnerability that stems from insufficient user consent prompts, which can be exploited by attackers to potentially bypass sensitive settings...

9.8CVSS6.4AI score0.00689EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/29 11:28 p.m.8 views

CVE-2025-43184

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A shortcut may be able to bypass sensitive Shortcuts app settings...

0.00689EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 4:18 a.m.9 views

CVE-2023-41960

The vulnerability allows an unprivilegeduntrusted third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself...

7.1CVSS6.7AI score0.00185EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:49 p.m.7 views

CVE-2020-21936

An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication...

5.3CVSS6.9AI score0.01252EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.9 views

CVE-2020-27585

Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password...

4.4CVSS6.5AI score0.00314EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/03/22 11:43 a.m.12 views

CVE-2024-6842

In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...

7.5CVSS6.5AI score0.29187EPSS
Exploits1References1
Rows per page
Query Builder