4192 matches found
GHSA-7C2G-P23P-4JG3 Vikjuna: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API
Summary The GET /api/v1/projects/:project/webhooks endpoint returns webhook BasicAuth credentials basicauthuser and basicauthpassword in plaintext to any user with read access to the project. While the existing code correctly masks the HMAC secret field, the BasicAuth fields added in a later...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the ReadAll process. An attacker can obtain plaintext BasicAuth credentials intended for external webhook authentication by accessing the API with only read permissions to a project. Remediation Upgrade...
Vikjuna: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API
Summary The GET /api/v1/projects/:project/webhooks endpoint returns webhook BasicAuth credentials basicauthuser and basicauthpassword in plaintext to any user with read access to the project. While the existing code correctly masks the HMAC secret field, the BasicAuth fields added in a later...
EUVD-2026-15887
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through = 6.9.2...
CVE-2026-33663
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...
CVE-2026-32523
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through = 6.9.2...
CVE-2026-33663
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...
CVE-2026-32523 WordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through = 6.9.2...
CVE-2026-32523
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through = 6.9.2...
CVE-2026-32523 WordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through = 6.9.2...
CVE-2026-32523
The CVE CVE-2026-32523 concerns WPJAM Basic (plugin WPJAM Basic) with an Unrestricted/Arbitrary File Upload vulnerability affecting WPJAM Basic versions up to 6.9.2. The connected Wordfence report confirms an authenticated (Subscriber+) Arbitrary File Upload in WPJAM Basic (
WordPress plugin WPJAM Basic 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Vikjuna: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API
The GET /api/v1/projects/:project/webhooks endpoint returns webhook BasicAuth credentials basicauthuser and basicauthpassword in plaintext to any user with read access to the project. While the existing code correctly masks the HMAC secret field, the BasicAuth fields added in a later migration we...
PT-2026-28037
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through = 6.9.2...
Malicious code in mattermost-data-warehouse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 50f2483a1650869326d4fddf7bf66bc1dc6e6d614300cf8b41577595ded48165 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2026-33677
Vikunja (self-hosted task management) prior to version 2.2.1 exposes webhook BasicAuth credentials (basic_auth_user, basic_auth_password) via GET /api/v1/projects/:project/webhooks to any user with read access. The code already masks the HMAC secret, but the BasicAuth fields were not masked after...
CVE-2026-33677 Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the GET /api/v1/projects/:project/webhooks endpoint returns webhook BasicAuth credentials basicauthuser and basicauthpassword in plaintext to any user with read access to the project. While the existing code...
CVE-2026-33315
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...
CVE-2026-33315 Vikunja has a 2FA Bypass via Caldav Basic Auth
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...
CVE-2026-33315
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...