Lucene search
K

29 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: net: usb: pegasus: enable basic endpoint checking The pegasusprobe function fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbrcvbulkpipedev, 1 for RX data - usbsndbulkpipedev, 2 for TX...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/20 6:40 a.m.7 views

Sensitive Information Exposure

github.com/mattermost/mattermost-server is vulnerable to sensitive information exposure. The vulnerability is due to improper sanitization of user data, which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...

4.9CVSS5.8AI score0.00249EPSS
Exploits0References6Affected Software2
NVD
NVD
added 2026/04/18 12:16 a.m.8 views

CVE-2026-40348

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through POST /settings/jellyfin/server-url-verify. The endpoint accepts a user-controlled URL, appends...

7.7CVSS0.00379EPSS
Exploits1References4
NVD
NVD
added 2026/04/07 6:16 p.m.10 views

CVE-2026-39331

ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...

8.1CVSS0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.9 views

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...

8.1CVSS5.8AI score0.00218EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/11 3:31 p.m.6 views

EUVD-2025-208562

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...

8.1CVSS5.8AI score0.00218EPSS
Exploits1References3
NVD
NVD
added 2026/03/11 3:16 p.m.9 views

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...

8.1CVSS0.00218EPSS
Exploits1References2
CVE
CVE
added 2026/03/11 12:0 a.m.22 views

CVE-2025-67298

CVE-2025-67298 affects ClasroomIO prior to v0.2.6. A remote attacker can escalate privileges through the endpoints /api/verify and /rest/v1/profile. The issue is classified as high severity (CVSS 3.1: 8.1, NETWORK, HIGH impact on confidentiality, integrity, and availability) with no user interact...

8.1CVSS5.8AI score0.00218EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/11 12:0 a.m.26 views

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...

0.00218EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.12 views

PT-2026-24682

🟠 CVE-2025-67298 - High An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile https://t.co/8wYmHccMqd https://t.co/YPBYyDSyrj...

8.1CVSS5.8AI score0.00218EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/11 12:0 a.m.5 views

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...

8.1CVSS5.8AI score0.00218EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

ClassroomIO.com 安全漏洞

ClassroomIO.com is an educational platform developed by ClassroomIO as open source. Versions of ClassroomIO.com prior to 0.2.6 contained security vulnerabilities. These vulnerabilities stemmed from defects in the/api/verify and/rest/v1/profile endpoints, which could allow remote attackers to gain...

8.1CVSS5.8AI score0.00218EPSS
Exploits1References2
OSV
OSV
added 2026/03/11 12:0 a.m.6 views

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...

8.1CVSS5.9AI score0.00218EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/11 12:0 a.m.2 views

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...

5.8AI score0.00218EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2026/01/27 12:0 a.m.158 views

📄 MinIO RELEASE.2023-03-20T20-16-18Z Vulnerability Scanner

This PHP script is a command-line vulnerability scanner designed to detect CVE-2023-28432 in MinIO servers. The vulnerability allows unauthenticated access to sensitive environment variables through the /minio/bootstrap/v1/verify endpoint...

7.5CVSS5.9AI score0.83957EPSS
Exploits13
Snyk
Snyk
added 2025/11/14 11:41 a.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the POST /api/v4/users/userid/email/verify/member endpoint. An attacker can obtain sensitive information, such as password hashes and MFA secrets, by sending crafted requests to this endpoint. Remediation Upgrad...

6.9CVSS6.9AI score0.00249EPSS
Exploits0References2
NVD
NVD
added 2025/11/14 11:15 a.m.21 views

CVE-2025-11794

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...

4.9CVSS0.00249EPSS
Exploits0References1
OSV
OSV
added 2025/11/14 10:45 a.m.6 views

CVE-2025-11794 Password hash and MFA secret returned in user email verification endpoint

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...

4.9CVSS6AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.7 views

PT-2025-46949

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 Mattermost versions 10.12.x through 10.12.0 Description The software does not properly sanitize user data, potentially allowing system administrators to...

4.9CVSS6.8AI score0.00249EPSS
Exploits0References15
OSV
OSV
added 2024/07/24 4:15 p.m.9 views

CVE-2024-7079

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser middleware function. Contrary to its name, this...

6.5CVSS6.8AI score0.00361EPSS
Exploits0References2
Rows per page
Query Builder