Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-49274

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the pages field with roles that have the pages.access permission disabled allowed authenticated users to provide an inaccessible parent page or site to the page picker backend and confirm arbitrary page...

5.3CVSS5.9AI score
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/03/11 7:57 p.m.29 views

CVE-2026-32098 Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.9 and 8.6.35, an attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiving them. By subscribing with a WHERE clause th...

6.9CVSS0.00288EPSS
Exploits0References3
OSV
OSV
added 2026/02/13 10:49 p.m.6 views

GHSA-78WQ-6GCV-W28R Known affected by Account Takeover via Password Reset Token Leakage

Summary A Critical Broken Authentication vulnerability exists in Known 1.6.2. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's...

9.8CVSS5.8AI score0.00714EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/11 12:3 a.m.7 views

CVE-2025-52493

PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from...

6.5CVSS6.8AI score0.00345EPSS
Exploits0References1
Rows per page
Query Builder