Lucene search
K

265 matches found

CVE
CVE
added 2026/03/27 8:36 p.m.11 views

CVE-2026-33882

Statamic CMS vulnerability CVE-2026-33882 affects Statamic versions prior to 5.73.16 and 6.7.2. The issue lies in the markdown preview endpoint, which could be manipulated to return augmented data from arbitrary fieldtypes. In particular, the users fieldtype could be leveraged by an authenticated...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/27 8:36 p.m.5 views

CVE-2026-33882 Statamic's Markdown preview endpoint exposes sensitive user data

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retriev...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:36 p.m.2 views

CVE-2026-33882

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retriev...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/27 1:16 a.m.3 views

CVE-2026-33890

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...

9.8CVSS0.00492EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 12:38 a.m.4 views

CVE-2026-33890 MyTube has an Unauthenticated Admin Privilege Escalation via Passkey Registration

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...

9.3CVSS6AI score0.00492EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:38 a.m.2 views

CVE-2026-33890

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...

9.3CVSS5.9AI score0.00492EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/27 12:38 a.m.13 views

CVE-2026-33890

CVE-2026-33890 is a pre-1.8.71 issue in MyTube (self-hosted downloader/player) where unauthenticated users can register an arbitrary passkey via exposed endpoints and then authenticate with that passkey to obtain a full admin session. The root cause is unauthenticated passkey registration that im...

9.8CVSS5.9AI score0.00492EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/27 12:38 a.m.28 views

CVE-2026-33890 MyTube has an Unauthenticated Admin Privilege Escalation via Passkey Registration

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...

9.3CVSS0.00492EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/27 12:38 a.m.3 views

CVE-2026-33890 MyTube has an Unauthenticated Admin Privilege Escalation via Passkey Registration

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...

9.3CVSS6AI score0.00492EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/27 12:38 a.m.3 views

EUVD-2026-16519

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...

9.3CVSS5.9AI score0.00492EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28555

Name of the Vulnerable Software and Affected Versions MyTube versions prior to 1.8.71 Description MyTube is a self-hosted downloader and player for several video websites. Before version 1.8.71, an unauthenticated attacker could register an arbitrary passkey and subsequently authenticate with it ...

9.3CVSS6AI score0.00492EPSS
Exploits1References5
OSV
OSV
added 2026/03/26 8:33 p.m.5 views

GO-2026-4813 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api...

4.9CVSS5.9AI score0.00289EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/26 8:33 p.m.2 views

Authentication Bypass by Assumed-Immutable Data

Overview Affected versions of this package are vulnerable to Authentication Bypass by Assumed-Immutable Data in the step-up verification process. An attacker can gain unauthorized access to root-only channel secrets by bypassing authentication mechanisms using passkey-based methods. Remediation...

6.9CVSS6AI score0.00289EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.4 views

CVE-2026-32879

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

4.9CVSS5.8AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32132

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code, could allow ...

7.4CVSS5.8AI score0.00399EPSS
Exploits0References1
NVD
NVD
added 2026/03/23 8:16 p.m.9 views

CVE-2026-32879

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

4.9CVSS0.00289EPSS
Exploits0References1
OSV
OSV
added 2026/03/23 7:56 p.m.4 views

GHSA-5353-F8FQ-65VC New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

Summary A logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. Affected versions = v0.10.0 Description The POST /api/verify endpoint supports multiple secure verification...

4.9CVSS5.7AI score0.00289EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/23 7:56 p.m.4 views

EUVD-2026-14522

New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure...

4.9CVSS5.8AI score0.00289EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/23 7:56 p.m.21 views

New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

Summary A logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. Affected versions = v0.10.0 Description The POST /api/verify endpoint supports multiple secure verification...

4.9CVSS5.7AI score0.00289EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/23 7:24 p.m.5 views

CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

4.9CVSS6.4AI score0.00289EPSS
Exploits0References3
Rows per page
Query Builder