Lucene search
K

11 matches found

NVD
NVD
added 2026/06/29 6:16 p.m.11 views

CVE-2026-56783

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS0.00264EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 5:16 p.m.7 views

EUVD-2026-40159

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:16 p.m.4 views

CVE-2026-56783 Parseable < 2.9.2 - Cleartext Credential Exposure in Notification Target API

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:16 p.m.5 views

CVE-2026-56783

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/29 5:16 p.m.5 views

CVE-2026-56783 Parseable < 2.9.2 - Cleartext Credential Exposure in Notification Target API

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 5:16 p.m.36 views

CVE-2026-56783 Parseable < 2.9.2 - Cleartext Credential Exposure in Notification Target API

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS0.00264EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.22 views

PT-2026-53660

Name of the Vulnerable Software and Affected Versions Parseable versions prior to 2.9.2 Description An information disclosure issue exists in the notification-target API endpoints where webhook tokens and basic-auth credentials are returned in cleartext. This occurs because the secret-masking...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/22 8:15 p.m.3 views

CVE-2026-40937 RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only access key + session token, without performing any...

8.3CVSS5.7AI score0.00293EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 8:15 p.m.4 views

CVE-2026-40937

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only access key + session token, without performing any...

8.3CVSS5.7AI score0.00293EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/22 7:24 p.m.6 views

GHSA-PFCQ-4GJR-6GJM RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks

Missing Admin Auth on Notification Target Endpoints in RustFS Finding Summary All four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only access key + session token, without performing any admin-action...

8.3CVSS5.7AI score0.00293EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/22 7:24 p.m.8 views

RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks

Missing Admin Auth on Notification Target Endpoints in RustFS Finding Summary All four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only access key + session token, without performing any admin-action...

8.3CVSS5.7AI score0.00293EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder