Lucene search
+L

11 matches found

attackerkb
attackerkb
added 2026/07/06 9:10 p.m.3 views

CVE-2026-41899

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS6AI score0.003EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/07/06 9:10 p.m.14 views

CVE-2026-41899

CVE-2026-41899 affects Coolify prior to 4.0.0-beta.474. The POST /api/feedback endpoint is unauthenticated, lacks rate limiting and input validation, allowing arbitrary content to reach a Discord webhook and enabling spam, content injection, and webhook abuse. Remediation: upgrade to Coolify 4.0....

6.5CVSS6AI score0.003EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/06 9:10 p.m.32 views

CVE-2026-41899 Coolify unauthenticated feedback endpoint allows Discord webhook abuse

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS0.003EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.8 views

PT-2026-56024

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description The application lacks authentication, rate limiting, and input validation at the 'POST /api/feedback' endpoint. This allows arbitrary content to be forwarded directly to a Discord webhook,...

6.5CVSS6AI score0.003EPSS
Exploits0References7
cvelist
cvelist
added 2026/05/15 8:33 p.m.62 views

CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS0.00307EPSS
Exploits1References1
euvd
euvd
added 2026/05/15 8:33 p.m.19 views

EUVD-2026-30630

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/05/15 8:33 p.m.9 views

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2025/12/09 8:35 p.m.21 views

CVE-2021-47702 OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings...

5.3CVSS0.00165EPSS
Exploits2References4
cnnvd
cnnvd
added 2025/12/09 12:0 a.m.6 views

OpenBMCS 跨站请求伪造漏洞

OpenBMCS is a building management and control system from OpenBMCS Australia. A cross-site request forgery vulnerability exists in OpenBMCS version 2.4, which stems from a cross-site request forgery issue in the sendFeedback.php endpoint that could lead to the execution of an administrator action...

5.3CVSS6.8AI score0.00165EPSS
Exploits2References5
ptsecurity
ptsecurity
added 2025/11/17 12:0 a.m.10 views

PT-2025-47171

Name of the Vulnerable Software and Affected Versions kashipara School Management System version 1.0 Description The software is susceptible to Cross Site Scripting XSS attacks. The issue is located in the /client user/feedback.php endpoint. An attacker could potentially inject malicious scripts...

6.1CVSS5.9AI score0.0022EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2024/08/09 12:0 a.m.4 views

PT-2024-28865 · Unknown · Kashipara Online Exam System

Name of the Vulnerable Software and Affected Versions: Kashipara Online Exam System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the "/admin/afeedback.php" endpoint, allowing remote attackers to execute arbitrary code via the rname and email parameter fields. This...

5.4CVSS6.6AI score0.00604EPSS
Exploits1References4
Rows per page
Query Builder