Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.12 views

CVE-2026-45009

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.13 views

Duplicate Advisory: phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jrc5-w569-h7h5. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows...

5.3CVSS5.3AI score0.00168EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2026/05/15 7:17 p.m.19 views

CVE-2026-45009

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

5.3CVSS0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:36 p.m.9 views

CVE-2026-45009

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/15 6:36 p.m.17 views

CVE-2026-45009

CVE-2026-45009 affects phpMyFAQ prior to 4.1.2. The issue is an insufficient authorization check in admin-api routes, allowing authenticated ordinary users to access administrative endpoints without verifying backend privileges. This can expose sensitive backend information such as dashboard vers...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/10 8:59 p.m.6 views

n8n-mcp has unauthenticated session termination and information disclosure in HTTP transport

Summary Several HTTP transport endpoints in n8n-mcp lacked proper authentication, and the health check endpoint exposed sensitive operational metadata without credentials. Impact An unauthenticated attacker with network access to the n8n-mcp HTTP server could disrupt active MCP sessions and gathe...

5.7AI score
Exploits0References4Affected Software1
Rows per page
Query Builder