4 matches found

Github Security Blog
added 2026/04/16 10:47 p.m., 5 views

Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode

Summary Several API endpoints in authenticated mode have no authentication at all. They respond to completely unauthenticated requests with sensitive data or allow state-changing operations. No account, no session, no API key needed. Verified against the latest version. Discord: sagi03581 Steps t...

AI score: 5.9
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/01/22 1:55 a.m., 6 views

CVE-2026-23964 Mastodon has insufficient access control to push notification settings

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's push subscription by guessing or obtaining th...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00195
Exploits: 0, References: 6
OSV
added 2024/05/14 10:29 p.m., 38 views

GHSA-X744-MM8V-VPGR Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Today we are releasing Grafana 9.2. Alongside new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201. We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

CVSS: 8.5, AI score: 7.2, EPSS: 0.01228
Exploits: 0, References: 6
Hacker One
added 2023/10/11 12:54 p.m., 11 views

MTN Group: Information disclosure via enabled Django Debug Mode

The Django Debug Mode was enabled, which resulted in the disclosure of error messages, API endpoints, and the ability to register arbitrary user accounts and enumerate email addresses of registered users...

AI score: 7
Exploits: 0