Lucene search
K

4429 matches found

OSV
OSV
added 2026/05/19 12:31 p.m.5 views

GHSA-J8MX-J73W-9MXW Vaadin Build Plugins is Affected by a Possible Information Disclosure Vulnerability

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/19 12:31 p.m.7 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the frontend build process when it exits with a non-zero status. An attacker can obtain sensitive environment variables, including credentials, by reviewing build logs or archived build artifacts generated during...

7.2CVSS5.4AI score0.00117EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 12:31 p.m.9 views

Vaadin Build Plugins is Affected by a Possible Information Disclosure Vulnerability

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References4Affected Software3
NVD
NVD
added 2026/05/19 12:16 p.m.14 views

CVE-2026-7860

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS0.00117EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 11:1 a.m.12 views

CVE-2026-7860 Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 11:1 a.m.21 views

CVE-2026-7860

CVE-2026-7860 describes an information-disclosure risk in Vaadin build tools: Vaadin Maven/Gradle plugins can print the full set of environment variables to build logs when a frontend build fails (non-zero exit). This can expose credentials/secrets in CI logs and artifacts. Affected ranges and fi...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 11:1 a.m.11 views

EUVD-2026-30891

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 11:1 a.m.8 views

CVE-2026-7860

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/19 11:1 a.m.53 views

CVE-2026-7860 Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS0.00117EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 10:16 a.m.16 views

CVE-2026-46721

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

6.9CVSS0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:19 a.m.36 views

CVE-2026-46721 Broken Access Control in extension "Frontend User Registration" (sf_register)

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

6.9CVSS0.00352EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:19 a.m.9 views

EUVD-2026-30857

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

6.9CVSS5.9AI score0.00352EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:19 a.m.18 views

CVE-2026-46721

Summary (CVE-2026-46721): The issue is in the TYPO3 extension “Frontend User Registration” (sf_register). The create/edit flows allow submitting arbitrary user properties and do not enforce frontend access control on user-group assignment, enabling an attacker to assign any frontend user group to...

6.9CVSS5.9AI score0.00352EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 9:19 a.m.8 views

CVE-2026-46721 Broken Access Control in extension "Frontend User Registration" (sf_register)

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

6.9CVSS5.9AI score0.00352EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:19 a.m.8 views

CVE-2026-46721

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

6.9CVSS5.9AI score0.00352EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.14 views

PT-2026-41882

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

TYPO3 Extension Frontend User Registration 安全漏洞

TYPO3 Extension Frontend User Registration is an open-source extension for TYPO3 that handles user registration at the frontend level. There is a security vulnerability in TYPO3 Extension Frontend User Registration. This vulnerability stems from the lack of restrictions on the submission of user...

6.9CVSS5.8AI score0.00352EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-41999

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

6.5CVSS5.7AI score0.00404EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/19 12:0 a.m.9 views

EUVD-2026-30979

An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...

5.8AI score0.00248EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

InnoShop 安全漏洞

InnoShop is an open-source e-commerce system based on Laravel 11, developed by InnoShop. Version 0.6.0 of InnoShop has a security vulnerability. This vulnerability stems from improper authorization; attackers can log in to the frontend and directly access the backend application interfaces, leadi...

7.3CVSS5.8AI score0.00248EPSS
Exploits0References2
Rows per page
Query Builder