Lucene search
K

34 matches found

NVD
NVD
added 2026/06/20 7:16 p.m.10 views

CVE-2026-56341

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS0.00302EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-5308

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 9:8 p.m.32 views

CVE-2026-44848 Portainer: Missing authorization on Docker plugin endpoints allows host RCE

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

9.4CVSS0.00328EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 9:8 p.m.9 views

EUVD-2026-33064

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

9.4CVSS5.7AI score0.00328EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/28 9:8 p.m.14 views

CVE-2026-44848 Portainer: Missing authorization on Docker plugin endpoints allows host RCE

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

9.4CVSS5.7AI score0.00328EPSS
Exploits1References1
CVE
CVE
added 2026/05/28 9:8 p.m.135 views

CVE-2026-44848

CVE-2026-44848 concerns Portainer Community Edition where missing authorization on the Docker plugin endpoints allowed a non-admin Portainer user with endpoint access to perform privileged Docker plugin operations directly against the Docker daemon. Affected releases include 2.33.0–2.33.7, 2.39.0...

9.4CVSS5.7AI score0.00328EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/05/22 11:16 a.m.9 views

CVE-2026-5308

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 10:20 a.m.11 views

EUVD-2026-31425

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 10:20 a.m.19 views

CVE-2026-5308

CVE-2026-5308 affects Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x

7.5CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 10:20 a.m.11 views

CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

4.9CVSS5.8AI score0.00254EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:20 a.m.9 views

CVE-2026-5308

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.8 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.6.0 and earlier 11.6.x series, 11.5.3 and earlier 11.5.x series, 11.4.4 and earlier 11.4.x series, as well as 10.11.14 and earlier 10.11.x series. Thes...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.12 views

PT-2026-42749

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Failure to enforce request body size limits on plugin HTTP endpoints allows an attacker to cause a denial of service by sendi...

7.8CVSS5.8AI score0.00254EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/14 4:22 p.m.19 views

Portainer missing authorization on Docker plugin endpoints, which allows host RCE

Summary Portainer enforces Role-Based Access Control RBAC on top of the Docker API. The proxy layer routes incoming Docker API requests to per-resource handlers containers, images, services, volumes, etc. that apply authorization checks. The Docker plugin management endpoints /plugins/ were not...

9.4CVSS6AI score0.00328EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/05/14 4:22 p.m.5 views

GHSA-RRMM-9V76-H3P4 Portainer missing authorization on Docker plugin endpoints, which allows host RCE

Summary Portainer enforces Role-Based Access Control RBAC on top of the Docker API. The proxy layer routes incoming Docker API requests to per-resource handlers containers, images, services, volumes, etc. that apply authorization checks. The Docker plugin management endpoints /plugins/ were not...

9.4CVSS6AI score0.00328EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the plugin resource endpoints’ ability to read the entire request body into memory, leading to unlimited memory allocation. This could potentially cause...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/06 1:7 p.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to a missing return statement after a permission check in the ServeHTTP function. An attacker can gain unauthorized access to, create, download, and delete sensitive legal hold data by sending crafted API...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27192

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string as the default...

8.6CVSS5.8AI score0.00356EPSS
Exploits1References10
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.6 views

WWBN AVideo 访问控制错误漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an access control vulnerability. This vulnerability stemmed from the use of default empty keys for authentication at the status.json.php and disable.json.php...

8.6CVSS5.8AI score0.00356EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:7 p.m.2 views

CVE-2026-32031

OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending reques...

6.3CVSS5.8AI score0.00192EPSS
Exploits0References3
Rows per page
Query Builder