Lucene search
K

230 matches found

Vulnrichment
Vulnrichment
added 2026/05/07 9:18 p.m.9 views

CVE-2026-7541 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...

8.9CVSS5.8AI score0.00388EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/07 9:18 p.m.45 views

CVE-2026-7541 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...

8.9CVSS0.00388EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.30 views

CVE-2026-30496

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration 74 endpoints and writing/modifying settings including volume, mute,...

0.00326EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.17 views

PT-2026-37237

Name of the Vulnerable Software and Affected Versions Masa CMS versions 7.2.0 through 7.2.9 Masa CMS versions 7.3.0 through 7.3.14 Masa CMS versions 7.4.0 through 7.4.9 Masa CMS versions 7.5.0 through 7.5.2 Description The unauthenticated JSON API accepts an altTable parameter that is stored via...

9.3CVSS6AI score0.00317EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/28 1:6 p.m.33 views

CVE-2026-5944 Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...

8.8CVSS0.00533EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/22 1:37 a.m.16 views

SUSE CVE-2026-34839

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API /api/4/ that is accessible without authentication and allows cross-origin requests from any origin due to a permissive CORS policy Access-Control-Allow-Origin: . This...

8.7CVSS5.8AI score0.00408EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/20 3:34 a.m.8 views

Langflow: DoS Through Lack of File Size Restriction via Deprecated Unauthenticated File Upload API

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function createuploadfile of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

7.5CVSS7AI score0.00284EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 2:25 p.m.5 views

CVE-2026-33763 AVideo has an Unauthenticated Video Password Brute-Force Vulnerability via Unrate-Limited Boolean Oracle

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideopasswordiscorrect API endpoint allows any unauthenticated user to verify whether a given password is correct for any password-protected video. The endpoint returns a boolean passwordIsCorrect field...

5.3CVSS5.8AI score0.0032EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 6:21 p.m.6 views

CVE-2026-33513

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint APIName=locale concatenates user input into an include path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under the web root can be...

8.6CVSS6.4AI score0.0074EPSS
Exploits3References2Affected Software1
Snyk
Snyk
added 2026/03/20 9:55 p.m.4 views

Use of a Broken or Risky Cryptographic Algorithm

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via the decryptString function. An attacker can access confidential information by submitting arbitrary ciphertext...

8.7CVSS5.9AI score0.00234EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/17 2:8 p.m.12 views

SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183)

SanitizeSVG bypass via data:text/xml in getDynamicIcon incomplete fix for CVE-2026-29183 SanitizeSVG blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml. Both render SVG with onload JavaScript execution confirmed in Chromium 136, other...

9.3CVSS6AI score0.00625EPSS
Exploits2References6Affected Software1
Cvelist
Cvelist
added 2026/03/12 6:17 p.m.32 views

CVE-2025-13913 Inductive Automation Ignition Software Deserialization of Untrusted Data

A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code...

6.3CVSS0.00345EPSS
Exploits0References3
CVE
CVE
added 2026/03/11 3:30 p.m.22 views

CVE-2026-27897

Vociferous (offline speech-to-text) contains an unauthenticated path traversal vulnerability in the export_file API (src/api/system.py) prior to version 4.4.2. An attacker can submit a JSON payload with a crafted filename and content, exploit directory traversal (../) to write arbitrary data to l...

10CVSS5.9AI score0.00644EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 3:5 p.m.6 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

7.5CVSS5.9AI score0.00505EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.5 views

SUSE CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.8AI score0.34346EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/17 10:56 p.m.32 views

CVE-2026-1670 Honeywell CCTV Products Missing Authentication for Critical Function

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...

9.8CVSS0.00833EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.9 views

PT-2026-20283

Name of the Vulnerable Software and Affected Versions Honeywell CCTV products versions prior to firmware updates addressing CVE-2026-1670 Honeywell I-HIB2PI-UL 2MP IP 6.1.22.1216 Honeywell SMB NDAA MVO-3, PTZ WDR 2MP 32M, 25M IPC WDR 2MP 32M PTZ v2.0 Description The affected products are vulnerab...

9.8CVSS5.7AI score0.00833EPSS
Exploits0References31
RedhatCVE
RedhatCVE
added 2026/02/14 7:22 p.m.5 views

CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.7AI score0.34346EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:6 p.m.7 views

CVE-2026-25505

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7...

9.8CVSS5.4AI score0.00724EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/04 10:41 a.m.5 views

CVE-2026-24735 Apache Answer: Revision API Improper Access Control leads to Information Disclosure

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

7.5CVSS5.9AI score0.00619EPSS
Exploits0References4
Rows per page
Query Builder