Lucene search
+L

5 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-46515

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.3, PERMREAD access was sufficient to call fmlistmanagers, fmlistpinsets, fmshowcontext, fmgetmcpconfig, fmbackupstatus, fmwhoscalling, fmrunsavedquery, and fmdiagnosetrunk, exposing AMI manager secrets, outbound dial PIN...

9.3CVSS0.00323EPSS
Exploits0References6
OSV
OSV
added 2 days ago4 views

CVE-2026-46515 Frogman: Multiple read-tier tools expose admin-grade data and arbitrary GraphQL execution

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.3, PERMREAD access was sufficient to call fmlistmanagers, fmlistpinsets, fmshowcontext, fmgetmcpconfig, fmbackupstatus, fmwhoscalling, fmrunsavedquery, and fmdiagnosetrunk, exposing AMI manager secrets, outbound dial PIN...

9.3CVSS6.2AI score0.00323EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.17 views

PT-2026-45365

Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.2.2 Description The 'structure data' endpoint in the Airflow UI fails to verify if the caller has read permissions for linked DAGs Directed Acyclic Graphs, which are collections of all the tasks you want to...

3.1CVSS5.5AI score0.00459EPSS
Exploits0References14
OSV
OSV
added 2025/10/29 3:31 p.m.10 views

GHSA-23VJ-J6JC-W892 Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files

Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...

4.3CVSS6.8AI score0.00158EPSS
Exploits0References4
OSV
OSV
added 2025/09/26 9:31 a.m.3 views

GHSA-Q475-2PGM-7HVP Apache Airflow: Connection sensitive details exposed to users with READ permissions

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...

8.7CVSS7.3AI score0.00903EPSS
Exploits0References5
Rows per page
Query Builder