Lucene search
K

592 matches found

Github Security Blog
Github Security Blog
added 2026/04/03 11:33 p.m.13 views

AVideo: Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php

Summary The SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Facebook/Instagram Graph API. The endpoint accepts user-controlled parameters including an access token, container ID, and Instagram account ID, and passes them direct...

5.3CVSS6AI score0.00215EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/28 11:10 p.m.3 views

CVE-2026-34386

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS6AI score0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 6:30 p.m.5 views

CVE-2026-34386

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS6AI score0.00318EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.8 views

LXD 安全漏洞

LXD is a Canonical open-source container-based system for managing applications on Linux systems. Security vulnerabilities exist in LXD versions 4.12 to 6.6, which stem from improper cleaning of the compressionalgorithm parameter. This vulnerability could allow authenticated non-privileged users ...

9.4CVSS5.9AI score0.00502EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/23 8:33 p.m.5 views

CVE-2026-23693 ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor elementskit-lite WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API...

10CVSS5.5AI score0.00384EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.18 views

PT-2026-21554

Name of the Vulnerable Software and Affected Versions ElementsKit Lite WordPress plugin versions prior to 3.7.9 Description The ElementsKit Lite WordPress plugin versions prior to 3.7.9 exposes the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoi...

10CVSS5.3AI score0.00384EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/01/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-14157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed...

6.5CVSS5.7AI score0.0027EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.7 views

CVE-2022-50908

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

7.2CVSS6AI score0.00247EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50908

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

7.2CVSS5.9AI score0.00247EPSS
Exploits0References4
CVE
CVE
added 2026/01/13 10:51 p.m.14 views

CVE-2022-50908

MailHog 1.0.1 is affected by a stored XSS vulnerability in attachments that allows execution of arbitrary API calls (e.g., message deletion, browser manipulation) when a crafted email is processed. Technical details from multiple sources indicate the issue stems from improper handling of attachme...

7.2CVSS5.6AI score0.00247EPSS
Exploits0References4
OSV
OSV
added 2026/01/13 9:6 a.m.6 views

BIT-GITLAB-2025-10569 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls...

6.5CVSS6.5AI score0.00479EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.10 views

MailHog 跨站脚本漏洞

MailHog is MailHog open source a SMTP protocol testing tool . Mailhog version 1.0.1 suffers from a cross-site scripting vulnerability that stems from stored cross-site scripting , which could lead to an attacker injecting malicious scripts and executing arbitrary API calls via email attachments...

7.2CVSS5.8AI score0.00247EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:15 p.m.6 views

CVE-2018-1000846

FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery CSRF vulnerability in All authenticated API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. This attack appear to be exploitable via Victim must open a website...

8.8CVSS7.2AI score0.00621EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:54 a.m.4 views

CVE-2018-4399

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...

5.5CVSS6.3AI score0.00928EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:10 a.m.8 views

CVE-2016-10800

cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls SEC-138...

7.8CVSS7AI score0.00948EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.9 views

CVE-2022-26479

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file which can be created via an rsync backdoor causes all API calls to execute as admin without authentication...

9.8CVSS7.1AI score0.01729EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:32 a.m.15 views

CVE-2017-18438

cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls SEC-242...

6.5CVSS7.4AI score0.00829EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.8 views

CVE-2019-18615

In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...

4.9CVSS6.9AI score0.00494EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 10:4 a.m.3 views

CVE-2025-10569 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls...

6.5CVSS6.2AI score0.00479EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.8 views

CVE-2020-12003

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...

7.5CVSS6.4AI score0.0523EPSS
Exploits0References1
Rows per page
Query Builder