Lucene search
K

183 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.7 views

Apache Answer 信息泄露漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier had an information leakage vulnerability. This vulnerability stemmed from the lack of access restrictions on direct API endpoints, which allowed authenticated users to...

6.5CVSS5.3AI score0.00325EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Apache Answer 代码问题漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier had code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on the upload of dangerous types of files. The server did not properly verify the...

6.5CVSS5.6AI score0.00403EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47712

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description Improper Neutralization of Alternate XSS Syntax occurs when AI-generated response content is rendered in the browser without proper sanitization. This allows malicious scripts to be executed wh...

6.1CVSS5AI score0.00406EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47718

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The unlisted question feature fails to enforce access restrictions on direct API endpoints. This allows authenticated users to discover and access unlisted questions, including their answers,...

6.5CVSS5.2AI score0.00325EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47717

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description An issue exists where user-supplied content is included in notification emails without proper escaping. This allows authenticated users to perform Cross-Site Scripting XSS, which is the injecti...

5.4CVSS5.3AI score0.00372EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Apache Answer 安全漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from insufficient authorization checks for time-line-related APIs, which could allow ordinary...

6.1CVSS5.4AI score0.00406EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.20 views

PT-2026-47715

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description An unrestricted upload of files with dangerous types allows an authenticated user to cause a server process crash. This occurs when a crafted TIFF image triggers excessive memory allocation...

6.5CVSS5.2AI score0.00479EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47713

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description Timeline-related APIs lack proper authorization checks, which allows authenticated users to access content that is private, deleted, or unapproved, as well as its associated revision history...

6.1CVSS5.2AI score0.00406EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Apache Answer 安全漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of script-related HTML tags in web pages. The content provided by users was n...

5.4CVSS5.5AI score0.00372EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Apache Answer 代码问题漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier had code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on the upload of dangerous types of files. Custom TIFF images might trigger...

6.5CVSS5.4AI score0.00479EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.10 views

Apache Answer 安全漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper neutralization of XSS syntax, resulting in AI-generated content being rendered...

6.1CVSS5.3AI score0.00406EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.4 views

SUSE CVE-2026-24735

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

7.5CVSS5.3AI score0.00619EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/05 1:23 p.m.4 views

CVE-2026-24735

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

7.5CVSS5.4AI score0.00619EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 3:20 a.m.4 views

GO-2026-4421 Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer

Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...

7.5CVSS5.4AI score0.00619EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.4 views

PT-2026-6525

Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...

7.5CVSS5.5AI score0.00619EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/04 12:31 p.m.2 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the /revisions endpoint, which exposes the full revision history of deleted content to unauthenticated attackers. Remediation Upgrade...

8.7CVSS5.3AI score0.00619EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 12:31 p.m.3 views

GHSA-5W5R-8XC6-2XHW Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...

8.7CVSS5.4AI score0.00619EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/04 12:31 p.m.7 views

Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...

7.5CVSS5.3AI score0.00619EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/02/04 11:16 a.m.7 views

CVE-2026-24735

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

7.5CVSS0.00619EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 10:41 a.m.5 views

CVE-2026-24735 Apache Answer: Revision API Improper Access Control leads to Information Disclosure

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

7.5CVSS5.9AI score0.00619EPSS
Exploits0References4
Rows per page
Query Builder