
7 matches found

Cvelist
added 2026/01/24 2:2 a.m., 31 views

CVE-2026-24422 phpMyFAQ: Public API endpoints expose emails and invisible questions

phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...

CVSS 5.3, EPSS 0.00375
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-12138

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.3, EPSS 0.00276
Exploits: 1, References: 3
ATTACKERKB
added 2025/08/16 2:34 a.m., 5 views

CVE-2025-49895

Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection. This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5...

CVSS 8.8, AI score 5.2, EPSS 0.00143
Exploits: 0, References: 3
OSV
added 2025/05/30 3:30 p.m., 1 views

GHSA-HC6V-386M-93PQ Mattermost fails to properly enforce access controls for guest users

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint...

CVSS 3.1, AI score 6.8, EPSS 0.00205
Exploits: 0, References: 4
RedhatCVE
added 2025/05/23 4:27 a.m., 10 views

CVE-2023-4417

Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in th...

CVSS 6.5, AI score 6.8, EPSS 0.00448
Exploits: 0
OSV
added 2025/04/22 4:56 p.m., 9 views

GO-2025-3604 Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint in github.com/mattermost/mattermost-server

Mattermost Fails to Enforce Proper Access Controls on /api/v4/audits Endpoint in github.com/mattermost/mattermost-server...

CVSS 2.7, AI score 6.7, EPSS 0.00259
Exploits: 0, References: 3
RedhatCVE
added 2025/04/16 12:42 p.m., 22 views

CVE-2025-30215

A flaw was found in NATS-SERVER. In affected versions of NATS-SERVER, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some JS API requests...

CVSS 9.6, AI score 9.4, EPSS 0.00529
Exploits: 0, References: 5