EUVD-2026-18841
A specific administrative endpoint (notifications) is accessible without proper authentication...
CVE-2026-28767 Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint (notifications) is accessible without proper authentication...
CVE-2026-28767
CVE-2026-28767 affects Gardyn Cloud API: the administrative endpoint /api/admin/notifications is accessible without authentication. This allows information disclosure of internal administrative communications and related data. The documented remediation is to require admin authentication on all /...
CVE-2026-28767
A specific administrative endpoint (notifications) is accessible without proper authentication...
CVE-2026-27464 Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileg...
CVE-2026-27464
Metabase (open-source data analytics platform) is affected by CVE-2026-27464 in versions prior to 0.57.13 and 0.58.x up to 0.58.6. The issue permits authenticated users to extract sensitive information, including database access credentials, via template evaluation in the Notifications endpoint, ...
CVE-2025-54598
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...