Lucene search
K

4 matches found

NVD
NVD
added 6 hours ago4 views

CVE-2026-48799

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00022EPSS
Exploits0References4
Cvelist
Cvelist
added 7 hours ago3 views

CVE-2026-48799 Postiz: Unauthenticated arbitrary lifetime PRO grant via Nowpayments webhook

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00022EPSS
Exploits0References4
CVE
CVE
added 7 hours ago5 views

CVE-2026-48799

CVE-2026-48799 - Postiz : An unauthenticated Nowpayments IPN callback verification flaw allows a low-privilege attacker to read the target subscription ID from the untrusted request body and grant lifetime PRO subscriptions to arbitrary organizations. Root cause: missing IPN authenticity verifica...

7.7CVSS6.2AI score0.00022EPSS
Exploits0References4
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-44712

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS6.2AI score0.00022EPSS
Exploits0References4
Rows per page
Query Builder