Lucene search
K

54 matches found

Github Security Blog
Github Security Blog
added 2026/07/06 9:11 p.m.6 views

Suspended Coder users retain access to AI Bridge LLM proxy endpoints

Summary AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended user's...

5.4CVSS5.9AI score0.00315EPSS
Exploits0References9Affected Software1
Snyk
Snyk
added 2026/07/06 9:11 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient validation in the IsAuthorized function. An attacker can maintain unauthorized access to AI Bridge LLM proxy endpoints by using previously issued, unexpired API tokens even after the associate...

5.4CVSS5.9AI score0.00315EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56079

Name of the Vulnerable Software and Affected Versions Coder versions 2.30.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description AI Bridge proxy endpoints authenticate via the Server.IsAuthorized function in coderd/aibridgedserver. This process...

5.4CVSS5.9AI score0.00315EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

QNAP qumagie 授权问题漏洞

QNAP Systems QuMagie is an AI-powered photo management software developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems QuMagie prior to version 2.9.1 contained security vulnerabilities. These vulnerabilities were caused by user-controlled keys that allowed...

9.8CVSS5.8AI score0.0046EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

WordPress plugin BP Better Messages 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.15 views

PhoenixStorybook 安全漏洞

PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.4.0 to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user-controlled keys. Attackers...

2.3CVSS5.8AI score0.00449EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.16 views

Yordam Library Automation System 安全漏洞

Yordam Library Automation System is an application developed by Yordam Corporation. Versions of the Yordam Library Automation System from v.21.6 to v.22.1 had security vulnerabilities. These vulnerabilities were caused by user-controlled keys that allowed unauthorized access to authorization...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Akıllı E-Commerce Website 安全漏洞

Akıllı E-Commerce Website is an e-commerce website system developed by the Turkish company Akıllı, aimed at online retail and digital sales scenarios. Versions of Akıllı E-Commerce Website prior to 4.5.001 contained security vulnerabilities. These vulnerabilities were caused by an authorization...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

WordPress plugin COMPE 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.6 views

WordPress plugin WPSubscription 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.6CVSS5.8AI score0.00364EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Fortinet多款产品 安全漏洞

Fortinet FortiRecorder is a product of the American company Fortinet. Fortinet FortiRecorder is a web-based network video recording system management tool. Fortinet FortiMail is an email security gateway product. Fortinet FortiVoice is a unified communication and collaboration service. Several...

4CVSS5.8AI score0.00081EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

WordPress plugin Cnvrse 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.8AI score0.00445EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.6 views

WordPress plugin Authorsy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

MeCODE Envanty 安全漏洞

MeCODE Envanty is an enterprise resource planning management system developed by the Turkish company MeCODE. Versions of MeCODE Envanty prior to 1.0.6 contained security vulnerabilities. These vulnerabilities stemmed from unauthorized access through user-controlled keys, which could lead to...

7.3CVSS5.8AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

WordPress plugin Quiz And Survey Master 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

Dinibh Patrol Tracking System 安全漏洞

Dinibh Patrol Tracking System is an inspection management platform developed by the Turkish company Dinibh. The versions of Dinibh Patrol Tracking System 10022026 and earlier contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user control keys,...

8.8CVSS5.8AI score0.00265EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/06 12:0 a.m.30 views

CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

0.00267EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

WordPress plugin Sweet Jane has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.8AI score0.00229EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.8 views

WordPress plugin tutor security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

3.8CVSS5.8AI score0.00295EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.8 views

WordPress plugin Roam has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

3.8CVSS5.8AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder