Lucene search
+L

1014 matches found

OSV
OSV
added 2026/03/05 9:48 p.m.6 views

GHSA-87X4-J8VH-P5QF Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure

Executive Summary A security vulnerability exists in the Plane project management platform that allows unauthenticated attackers to enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django RE...

7.5CVSS5.9AI score0.00377EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.13 views

PT-2026-23619

Name of the Vulnerable Software and Affected Versions Plane versions prior to 1.2.2 Description An issue exists in Plane that allows unauthenticated attackers to enumerate workspace members and extract sensitive information, including email addresses, user roles, and internal identifiers. This is...

7.5CVSS5.8AI score0.00377EPSS
Exploits0References7
NVD
NVD
added 2026/03/04 6:16 a.m.9 views

CVE-2026-2025

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog...

7.5CVSS0.01379EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/04 6:0 a.m.384 views

CVE-2026-2025 Mail Mint < 1.19.5 - Unauthenticated Emails Disclosure

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog...

0.01379EPSS
Exploits0References1
OSV
OSV
added 2026/03/01 1:30 a.m.3 views

GHSA-W878-F8C6-7R63 Statamic's missing authorization allows access to email addresses

Impact User email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the “view users” permission. Patches This has been fixed in 5.73.11 and 6.4.0...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/01 1:30 a.m.9 views

Statamic's missing authorization allows access to email addresses

Impact User email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the “view users” permission. Patches This has been fixed in 5.73.11 and 6.4.0...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/02/27 10:14 p.m.27 views

CVE-2026-28424 Statamic's missing authorization allows access to email addresses

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...

6.5CVSS0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/27 10:14 p.m.3 views

CVE-2026-28424 Statamic's missing authorization allows access to email addresses

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 10:14 p.m.8 views

CVE-2026-28424 Statamic's missing authorization allows access to email addresses

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/27 8:25 p.m.21 views

CVE-2026-28288 Dify has a user enumeration issue

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS0.00635EPSS
Exploits1References2
CVE
CVE
added 2026/02/27 8:25 p.m.18 views

CVE-2026-28288

Dify (open-source LLM app development platform) has a user enumeration vulnerability in its API prior to version 1.9.0, where responses differ between existing and non-existent accounts, enabling email-address enumeration. The issue is addressed in version 1.9.0. Exploitation is noted as a proof-...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/26 8:54 a.m.5 views

BIT-SUPERSET-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

6.5CVSS5.7AI score0.004EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.13 views

PT-2026-22210

Name of the Vulnerable Software and Affected Versions Hoppscotch versions prior to 2026.2.0 Description Hoppscotch, an API development ecosystem, had a critical security issue where an unauthenticated attacker could overwrite the entire infrastructure configuration of a self-hosted instance. This...

9.1CVSS6AI score0.00455EPSS
Exploits1References12
Github Security Blog
Github Security Blog
added 2026/02/24 3:30 p.m.13 views

Apache Superset allows authenticated users to view sensitive data without explicit permissions

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

6.5CVSS5.6AI score0.004EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/24 3:30 p.m.5 views

GHSA-H294-8FXM-M2PJ Apache Superset allows authenticated users to view sensitive data without explicit permissions

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

2.3CVSS5.7AI score0.004EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/24 12:52 p.m.20 views

CVE-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

2.3CVSS0.004EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 12:52 p.m.5 views

CVE-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

2.3CVSS5.5AI score0.004EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/24 12:52 p.m.8 views

EUVD-2026-8477

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

2.3CVSS5.5AI score0.004EPSS
Exploits0References1
OSV
OSV
added 2026/02/24 12:52 p.m.7 views

CVE-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

2.3CVSS6AI score0.004EPSS
Exploits0References4
CVE
CVE
added 2026/02/24 12:52 p.m.29 views

CVE-2026-23983

Apache Superset (CVE-2026-23983) has an information disclosure vulnerability via the Tag endpoint (disabled by default). When the tagged objects include Users, the API may serialize and return sensitive fields such as password hashes (pbkdf2), email addresses, and login statistics to authenticate...

6.5CVSS5.5AI score0.004EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder