CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

302 matches found

NVD•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-50886

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

9.1CVSS0.00312EPSS

Exploits0References1

Cvelist•added 2026/06/15 12:0 a.m.•26 views

CVE-2026-50886

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

0.00312EPSS

Exploits0References1

CVE•added 2026/06/15 12:0 a.m.•16 views

CVE-2026-50886

Summary: CVE-2026-50886 describes an access-control flaw in the webhook management component of Project Firefly III (version 6.5.9). The root cause is an incorrect access-control implementation, enabling an attacker to scan internal resources by sending a crafted POST request. Affected software: ...

9.1CVSS5.3AI score0.00312EPSS

Exploits0References1

Positive Technologies•added 2026/06/15 12:0 a.m.•7 views

PT-2026-49327

Name of the Vulnerable Software and Affected Versions Project Firefly III version 6.5.9 Description Incorrect access control in the webhook management component allows attackers to scan internal resources by sending a crafted POST request. Recommendations At the moment, there is no information...

9.1CVSS5.9AI score0.00312EPSS

Exploits0References3

Snyk•added 2026/03/07 2:10 a.m.•3 views

Incorrect Authorization

Overview grumpydictator/firefly-iii is a personal finances manager. Affected versions of this package are vulnerable to Incorrect Authorization via the index and show functions in the user management API endpoints, which lack proper role verification. An attacker can access sensitive information...

7.1CVSS5.9AI score

Exploits0References2