Lucene search
K

6 matches found

CVE
CVE
added 2026/03/30 8:14 p.m.26 views

CVE-2026-27018

CVE-2026-27018 affects Gotenberg and is a case-insensitive URL-scheme bypass of the prior fix for CVE-2024-21527. The root cause is a case-sensitive deny-list regex in Chromium URL handling, allowing mixed-case or uppercase schemes to bypass the deny-list. The issue has been patched in Gotenberg ...

8.8CVSS5.7AI score0.00538EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/18 10:15 p.m.4 views

CVE-2025-49591 CryptPad 2FA Bypass Vulnerability

CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication 2FA in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the...

8.7CVSS6.6AI score0.00442EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:30 a.m.8 views

CVE-2024-38522

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0...

6.3CVSS6.9AI score0.00347EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 p.m.9 views

CVE-2022-29236

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...

4.3CVSS6.6AI score0.00809EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/26 2:8 p.m.17 views

CVE-2025-24808 Discourse has race condition when adding users to a group DM

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...

4.3CVSS7AI score0.00196EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/23 7:40 a.m.10 views

CVE-2022-39231 Parse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for Facebook and Spotify may be circumvented. Configurations which allow users to...

3.7CVSS4.1AI score0.00439EPSS
Exploits0References1
Rows per page
Query Builder