28 matches found
Sensitive Information Exposure
github.com/mattermost/mattermost-server is vulnerable to sensitive information exposure. The vulnerability is due to improper sanitization of user data, which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...
CVE-2026-40348
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through POST /settings/jellyfin/server-url-verify. The endpoint accepts a user-controlled URL, appends...
CVE-2026-39331
ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...
CVE-2025-67298
An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...
EUVD-2025-208562
An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...
CVE-2025-67298
CVE-2025-67298 affects ClasroomIO prior to v0.2.6. A remote attacker can escalate privileges through the endpoints /api/verify and /rest/v1/profile. The issue is classified as high severity (CVSS 3.1: 8.1, NETWORK, HIGH impact on confidentiality, integrity, and availability) with no user interact...
ClassroomIO.com Security Vulnerability
ClassroomIO.com is an educational platform developed by ClassroomIO as open source. Versions of ClassroomIO.com prior to 0.2.6 contained security vulnerabilities. These vulnerabilities stemmed from defects in the /api/verify and /rest/v1/profile endpoints, which could allow remote attackers to gain...
PT-2026-24682
🟠 CVE-2025-67298 - High An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile https://t.co/8wYmHccMqd https://t.co/YPBYyDSyrj...
📄 MinIO RELEASE.2023-03-20T20-16-18Z Vulnerability Scanner
This PHP script is a command-line vulnerability scanner designed to detect CVE-2023-28432 in MinIO servers. The vulnerability allows unauthenticated access to sensitive environment variables through the /minio/bootstrap/v1/verify endpoint...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the POST /api/v4/users/userid/email/verify/member endpoint. An attacker can obtain sensitive information, such as password hashes and MFA secrets, by sending crafted requests to this endpoint. Remediation Upgrad...
CVE-2025-11794
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...
PT-2025-46949
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 Mattermost versions 10.12.x through 10.12.0 Description The software does not properly sanitize user data, potentially allowing system administrators to...
CVE-2024-7079
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser middleware function. Contrary to its name, this...
Red Hat OpenShift Container Platform Access Control Error Vulnerability
Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that enable organizations to develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. An access control error vulnerability exists in Red...