Lucene search
K

1096 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-40945

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-40414

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication AUTHUSERNAME/AUTHPASSWORD, is reachable unauthenticated at /mcp because the nginx front-end does not apply the authrequest gate to that path and the MCP server auto-mints a...

6.9CVSS5.8AI score0.00437EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-58446 Presenton < 0.8.8-beta - Authentication Bypass of Session Auth via Unprotected MCP Endpoint

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication AUTHUSERNAME/AUTHPASSWORD, is reachable unauthenticated at /mcp because the nginx front-end does not apply the authrequest gate to that path and the MCP server auto-mints a...

6.9CVSS0.00437EPSS
Exploits0References5
Cvelist
Cvelist
added last week19 views

CVE-2025-71335 Flowise - Session Invalidation Failure After Password Change

Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...

8.6CVSS0.00258EPSS
Exploits1References2
NVD
NVD
added last week10 views

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

7.1CVSS0.0015EPSS
Exploits1References1
NVD
NVD
added last week9 views

CVE-2026-54036

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

8.1CVSS0.00213EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6AI score0.0015EPSS
Exploits1References2Affected Software1
CVE
CVE
added last week8 views

CVE-2026-54040

Summary of CVE-2026-54040 (LibreChat): Before version 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring a valid TOTP token or existing backup code verification. An attacker with a stolen session token can silently replace a victim’s 2F...

7.1CVSS6AI score0.0015EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added last week6 views

EUVD-2026-39456

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6AI score0.0015EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 9:17 p.m.7 views

CVE-2026-47387

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:11 p.m.6 views

CVE-2026-47387

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS5.9AI score0.00234EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/23 8:11 p.m.30 views

CVE-2026-47387

NocoDB (the issue CVE-2026-47387) has a stored XSS due to the shared form-view redirect_url handling. The vulnerable sink in packages/nc-gui/composables/useSharedFormViewStore.ts validates only string/non-empty redirect_url and fails to validate URL schemes, causing non-network schemes (e.g., jav...

8.4CVSS5.9AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 1:58 p.m.5 views

GHSA-C73Q-8XXR-RGQM Tilt: Missing authentication on the network-exposed Tilt HUD server

Summary The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network attacker can trigger the developer's pre-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state...

9.2CVSS6AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 1:16 p.m.30 views

CVE-2026-48895 Apache APISIX: Cas-auth Host header influence on CAS service URL

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade t...

2.1CVSS0.00409EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:16 p.m.11 views

CVE-2026-48895

CVE-2026-48895 describes an open redirect in Apache APISIX (affected versions 3.0.0–3.16.0). The issue allows manipulation of certain client headers to redirect to an untrusted site, with potential exposure of session tokens. The advisory recommends upgrading to version 3.17.0, which contains the...

7.2CVSS5.8AI score0.00409EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50978

Name of the Vulnerable Software and Affected Versions Tilt versions 0.19.5 through 0.37.3 Description The Tilt HUD server mounts Go's net/http/pprof handlers under the '/debug' endpoint without access control. When the HUD is network-exposed, an unauthenticated caller can read process memory via...

8.3CVSS6AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.7 views

CVE-2026-42235

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that...

9.6CVSS5.7AI score0.00332EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/05 4:20 p.m.14 views

NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

Summary The shared form-view submit handler in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirecturl; when an authenticated view...

8.4CVSS5.8AI score0.00234EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/05 3:25 p.m.15 views

Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token

Summary SAML.getSession internal/pkg/auth/interceptor/saml.go checks the Used flag on a SAMLAssertion resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same saml-session token can both observe Used =...

5.4AI score0.00018EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/05 3:25 p.m.6 views

GHSA-5X9F-6VG5-QG4M Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token

Summary SAML.getSession internal/pkg/auth/interceptor/saml.go checks the Used flag on a SAMLAssertion resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same saml-session token can both observe Used =...

7CVSS5.4AI score0.00018EPSS
Exploits0References4
Rows per page
Query Builder