Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/04/02 6:50 p.m.20 views

CVE-2026-34759 OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

9.2CVSS0.006EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/28 4:1 p.m.5 views

CVE-2025-13765

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9...

4.3CVSS6.9AI score0.00326EPSS
Exploits0References1
CVE
CVE
added 2025/11/27 3:30 p.m.22 views

CVE-2025-13765

CVE-2025-13765 affects Devolutions Server, where email service credentials are exposed to non-administrative users. Public details in connected documents specify affected versions as before 2025.2.21 and before 2025.3.9. The issue’s root cause is credential exposure in the email service, with mul...

4.3CVSS6.5AI score0.00326EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/27 3:30 p.m.5 views

CVE-2025-13765

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9...

6.5AI score0.00326EPSS
Exploits0References1
Rows per page
Query Builder