Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/30 3:51 p.m.8 views

EUVD-2026-40374

Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53918

Name of the Vulnerable Software and Affected Versions Nightingale n9e versions prior to 9.0.0-beta.2 Description Authenticated users with low privileges Standard role can access full datasource configurations through the 'POST /api/n9e/datasource/list' endpoint. This occurs because the route lack...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References10
CVE
CVE
added 2026/05/29 1:7 p.m.25 views

CVE-2026-45620

Technical details for CVE-2026-45620 are not publicly available in the provided connected documents. Monitor for updates.

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/18 1:30 p.m.8 views

GHSA-VPFX-PXQW-2W79 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`

CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 $ignoreAdmin = true; objects/mention.json.php:18 $users = User::getAllUsers$ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a'; No User::loginCheck, no adm...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References4
Rows per page
Query Builder