20 matches found
CVE-2026-26135

creationtimestamp | type | source
---|---|---
2026-04-03 00:50:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mikitpnzqk2z
2026-04-03 01:16:28+00:00 | seen | Telegram/iJ-TXq8dDjuzcBmcTa4J1ArjLXeEo9DZvpPvRg0iyulgok
2026-04-03 01:50:22+00:00 | seen | ...

CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
...
CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
...
CVE-2024-26135
MeshCentral is a full computer management web site. Versions prior to 1.1.21 have a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...
CVE-2024-26135
Vulnerability summary (CVE-2024-26135): MeshCentral versions prior to 1.1.21 have a cross-site websocket hijacking (CSWSH) vulnerability in the control.ashx endpoint. An attacker can lure a victim/admin to a malicious page and originate a cross-site websocket connection to control.ashx, enabling ...
CVE-2024-26135

creationtimestamp | type | source
---|---|---
2024-02-19 22:48:58+00:00 | published-proof-of-concept | https://github.com/Ylianst/MeshCentral/security/advisories/GHSA-cp68-qrhr-g9h8
2024-02-20 21:23:09+00:00 | seen | https://t.me/ctinow/188925
2024-02-20 21:23:11+00:00 | seen | https://t.me/ctinow/188927

...
CVE-2023-26135

creationtimestamp | type | source
---|---|---
2023-06-30 12:15:11+00:00 | seen | https://t.me/cibsecurity/65780

...
dummy-package-six (>=1.0.0 <=1.0.3), dummy-package-three (=1.0.0) +10 more potentially affected by CVE-2023-26135 via flatnest (>=0.2.2 <=1.0.0)
flatnest NPM version =0.2.2, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.0.1, =0.1.3, =0.10.10, =0.0.1, =0.1.0, =0.0.1, =0.2.0 Source cves: CVE-2023-26135 Source advisory: OSV:GHSA-7PX2-3C2P-Q4V4...
CVE-2023-26135
All versions of the package flatnest are vulnerable to Prototype Pollution via the nest function in the flatnest/nest.js file...
CVE-2023-26135
CVE-2023-26135 affects all versions of the flatnest package via the nest() function in flatnest/nest.js, enabling prototype pollution. The vulnerability is described across multiple feeds (Red Hat, GHSA, OSV, NVD, etc.), with the core risk being unauthorized modification of object properties at r...
CVE-2023-26135
All versions of the package flatnest are vulnerable to Prototype Pollution via the nest function in the flatnest/nest.js file...
37sy-build (>=1.0.0 <=1.3.3), @emintayfur/hub (>=0.0.1 <=0.1.2) +118 more potentially affected by CVE-2023-26135 via flatnest (>=0.2.2 <=1.0.1)
flatnest NPM version =0.2.2, =1.0.0, =0.0.1, =0.5.10, =0.1.2, =1.0.71, =1.0.23, =1.0.1, =1.2.1, =0.0.1-1, =1.0.1, =1.0.10, =1.0.0, =0.0.1, =1.0.6 and more Source cves: CVE-2023-26135 Source advisory: SNYK:JS-FLATNEST-3185149...
Atlassian Jira Server-Side Request Forgery (CVE-2022-26135)
A server-side request forgery vulnerability exists in Atlassian Jira. Successful exploitation of this vulnerability could allow an attacker to access internal resources...
CVE-2022-26135

creationtimestamp | type | source
---|---|---
2022-06-30 07:45:39+00:00 | seen | https://t.me/poxek/1866
2022-06-30 12:38:23+00:00 | seen | https://t.me/cibsecurity/45394
2022-06-30 15:59:04+00:00 | seen | Telegram/YwnncP99e-EOuTc4C9ZOd4fkbkttmEZQV0UEbD3Bd1vqXz0
2022-07-05 21:42:38+00:00 | ...

CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user, including a user who joined via the sign-up feature, to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...
CVE-2022-26135
CVE-2022-26135 affects Atlassian Jira Server/Data Center and Jira Service Management (Mobile Plugin for Jira) with a server-side request forgery (SSRF) via the batch endpoint. A remote, authenticated user (including sign-up users) can read server-side resources. Affected Jira Server/Data Center v...
Full Read SSRF in Mobile Plugin CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user, including a user who joined via the sign-up feature, to perform a full read server-side request forgery via a batch endpoint. This affects Jira Management Server and Data Center versions from versi...
Full Read SSRF in Mobile Plugin CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user, including a user who joined via the sign-up feature, to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...
Security Advisory 0063
Security Advisory 0063 PDF Updated: May 25th, 2021

Revision | Date | Changes
---|---|---
1.0 | May 12th, 2021 | Initial Release
1.1 | May 25th, 2021 | Updated assessment with impacted platforms, detection and mitigation.
1.2 | June 9, 2021 | Updated assessment
1.3 | August 19, 2021 | Updated...

CVE-2020-26135
CVE-2020-26135 affects Live Helper Chat prior to version 3.44 and allows a reflected XSS via the setsettingajax PATH_INFO. The available connected docs confirm the vulnerability description but do not provide details on affected exact versions beyond “before 3.44v,” nor do they specify concrete e...