Lucene search
K

89 matches found

CVE
CVE
added 3 days ago13 views

CVE-2026-49471

Serena exposes an unauthenticated Flask API on a fixed port prior to v1.5.2, with no authentication, CSRF protection, or Host header validation. A DNS rebinding attack can reach this API from any browser and write arbitrary content to the agent’s persistent memory store, which the agent may read ...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 10:54 a.m.9 views

CVE-2026-46910

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Enterprise Infrastructure Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD...

9.1CVSS0.00354EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.29 views

PT-2026-49881

Name of the Vulnerable Software and Affected Versions Oracle Coherence versions 12.2.1.4.0 Oracle Coherence versions 14.1.1.0.0 Oracle Coherence versions 14.1.2.0.0 Oracle Coherence versions 15.1.1.0.0 Description An issue in the Core component of Oracle Fusion Middleware allows an unauthenticate...

9.8CVSS5.8AI score0.00483EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-40621

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...

9.8CVSS7.7AI score0.00491EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45765

A critical chain of vulnerabilities in the Collibra Platform Agent, including CVE-2026-26847 improper authentication and path traversal, allows remote, unauthenticated attackers to achieve Remote Code Execution RCE. Technical Breakdown: Vulnerability Chain: Attackers can exploit improperly...

6AI score
Exploits0References1
OSV
OSV
added 2026/06/01 1:58 p.m.17 views

GHSA-63GR-G7JC-V8RG @agenticmail/mcp Missing Authentication for Critical Function

AgenticMail MCP HTTP authorization bypass Summary @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. T...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:17 p.m.14 views

CVE-2026-34311

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: Opera. Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network...

9.8CVSS5.8AI score0.00461EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/26 8:59 p.m.38 views

CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS0.00162EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.12 views

CVE-2026-30496

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration 74 endpoints and writing/modifying settings including volume, mute,...

9.8CVSS5.9AI score0.00326EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 3:38 p.m.14 views

EUVD-2026-28367

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration 74 endpoints and writing/modifying settings including volume, mute,...

5.9AI score0.00326EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 3:14 p.m.8 views

EUVD-2026-23986

Glances: Cross-Origin Information Disclosure via Unauthenticated REST API /api/4 due to Permissive CORS...

8.7CVSS5.7AI score0.00408EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Oracle Financial Services Analytical Applications Infrastructure 安全漏洞

Oracle Financial Services Analytical Applications Infrastructure is a financial data analysis and modeling platform developed by Oracle Corporation. Versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 of Oracle Financial Services Analytical Applications Infrastructure contain security vulnerabilities. These...

7.5CVSS7.3AI score0.00307EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Oracle HCM Common Architecture 安全漏洞

Oracle HCM Common Architecture is an HR management system architecture component developed by Oracle, a US-based company. Versions 12.2.3 to 12.2.15 of Oracle HCM Common Architecture contain security vulnerabilities. These vulnerabilities stem from issues with the Knowledge Integration component,...

7.5CVSS7.3AI score0.00324EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 9:31 a.m.16 views

EUVD-2026-15194

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9CVSS5.8AI score0.00278EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 7:38 a.m.16 views

CVE-2026-32326

SHARP routers are affected by CVE-2026-32326 due to missing authentication for some web APIs, enabling retrieval of device information without authentication. The impact could be severe if the administrative password is left as the initial default, potentially allowing takeover of the device. The...

6.9CVSS6.2AI score0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 7:38 a.m.1 views

CVE-2026-32326

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9CVSS6.2AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/18 5:18 a.m.30 views

CVE-2026-32596 Glances exposes the REST API without authentication

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

8.7CVSS0.0155EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.6 views

glances 信息泄露漏洞

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained an information leakage vulnerability. This vulnerability stemmed from the web server running without authentication, allowing unauthenticated network clients to access sensitive system...

8.7CVSS7.3AI score0.0155EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.24 views

Navtor NavBox 安全漏洞

Navtor NavBox is a shipping information system device developed by the Norwegian company Navtor. It is used for electronic nautical chart management and synchronization of navigation data. There is a security vulnerability in Navtor NavBox, which stems from the lack of authentication in the HTTP...

7.5CVSS5.8AI score0.00505EPSS
Exploits0References2
Zero Science Lab
Zero Science Lab
added 2026/03/02 12:0 a.m.233 views

Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control And Lockout

Summary The Honeywell IQ4 Trend IQ4 is a line of intelligent building-management controllers designed to provide advanced unitary control, HVAC integration, and scalable I/O expansion for commercial environments. These controllers use Ethernet and TCP/IP networking with embedded XML, support BACn...

10CVSS5.7AI score0.05585EPSS
Exploits1
Rows per page
Query Builder