Lucene search
K

64 matches found

Nuclei
Nuclei
added 16 hours ago73 views

ArgoCD Project API Token Repository Credentials Exposure

Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability...

9.9CVSS7.1AI score0.04518EPSS
Exploits1References3
NVD
NVD
added 6 days ago9 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS0.00435EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References11
OSV
OSV
added 2026/05/26 1:30 p.m.4 views

GHSA-RMVV-8V8W-RF7X Mattermost doesn't validate user-supplied input in API request handlers

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/22 1:44 p.m.10 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the API request handlers due to insufficient validation of user-supplied input. An attacker can cause the plugin process to crash by sending a specially crafted HTTP request to the PR...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 11:16 a.m.12 views

CVE-2026-4646

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

4.3CVSS0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 10:25 a.m.5 views

CVE-2026-4646 Insufficient input validation in GitHub plugin API causes denial of service

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.16 views

PT-2026-42748

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Insufficient input validation in the GitHub plugin API request handlers allows an authenticated attacker to cause a denial of...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.17 views

PT-2026-42559

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/message detail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and t...

6.3CVSS5.8AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.16 views

PT-2026-40462

Name of the Vulnerable Software and Affected Versions GoJobs affected versions not specified Description GoJobs is a REST API for a Job Board platform. The application contains a job retrieval endpoint that lacks proper authentication and authorization checks. This allows unauthenticated users to...

5.3CVSS5.8AI score0.00239EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/05 7:12 p.m.8 views

EUVD-2026-27448

Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...

5.3CVSS5.8AI score0.0017EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/05 7:12 p.m.10 views

CVE-2026-33420

Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...

5.3CVSS5.8AI score0.0017EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/06 5:0 p.m.4 views

CVE-2026-5577

A vulnerability has been found in Song-Li crossbrowser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachineapp.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

8.6CVSS6.7AI score0.00376EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/05 6:30 p.m.5 views

EUVD-2026-19103

A vulnerability has been found in Song-Li crossbrowser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachineapp.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

7.5CVSS6.7AI score0.00376EPSS
Exploits1References5
NVD
NVD
added 2026/04/05 4:16 p.m.6 views

CVE-2026-5577

A vulnerability has been found in Song-Li crossbrowser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachineapp.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

8.6CVSS0.00376EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/05 3:30 p.m.30 views

CVE-2026-5577 Song-Li cross_browser details Endpoint uniquemachine_app.py sql injection

A vulnerability has been found in Song-Li crossbrowser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachineapp.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

7.5CVSS0.00376EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/05 3:30 p.m.2 views

CVE-2026-5577

A vulnerability has been found in Song-Li crossbrowser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachineapp.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

7.5CVSS6.7AI score0.00376EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/05 3:30 p.m.4 views

CVE-2026-5577 Song-Li cross_browser details Endpoint uniquemachine_app.py sql injection

A vulnerability has been found in Song-Li crossbrowser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachineapp.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

7.5CVSS6.7AI score0.00376EPSS
Exploits1References4
CVE
CVE
added 2026/04/05 3:30 p.m.11 views

CVE-2026-5577

CVE-2026-5577 affects Song-Li cross_browser (up to commit ca690f0fe6954fd9bcda36d071b68ed8682a786a). The vulnerable component is the details Endpoint in the file flask/uniquemachine_app.py. Manipulating the argument ID can lead to an SQL injection vulnerability. The issue can be triggered remotel...

8.6CVSS6.7AI score0.00376EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.9 views

PT-2026-30446

Name of the Vulnerable Software and Affected Versions Song-Li cross browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a Description A vulnerability exists in Song-Li cross browser, potentially allowing for SQL injection. The issue affects an unknown part of the flask/uniquemachine app.py file...

8.6CVSS6.7AI score0.00376EPSS
Exploits1References9
Rows per page
Query Builder