Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-50529

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS6AI score
Exploits0References4Affected Software1
CVE
CVE
added yesterday10 views

CVE-2026-50529

CVE-2026-50529 affects DataEase prior to version 2.10.24. The /de2api/share/proxyInfo interface incorrectly generates and returns an X-DE-LINK-TOKEN before validating the share password or ticket, enabling unauthenticated attackers who know a protected share UUID to obtain a valid link token for ...

8.7CVSS6AI score
Exploits0References3
CVE
CVE
added 2026/06/25 6:5 p.m.14 views

CVE-2026-56768

Vulnerability summary (CVE-2026-56768) Seahub versions before 13.0.23 fail to enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated access when a folder share-link token is present. An attacker can call the GET endpoint to obtain a fileserver zip token ...

8.8CVSS5.9AI score0.00381EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/04/09 6:34 p.m.169 views

Exploit for CVE-2026-39912

CVE-2026-39912 - Xboard / V2Board Unauth Account Takeover M...

6AI score0.00584EPSS
Exploits1
Snyk
Snyk
added 2026/03/12 2:49 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview @studiocms/s3-storage is an Add S3 Storage Support into your StudioCMS project. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by...

7.2CVSS5.8AI score0.00344EPSS
Exploits1References2
OSV
OSV
added 2026/03/09 7:48 p.m.8 views

GHSA-525J-95GF-766F FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info

Summary The remediation for CVE-2026-27611 appears incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info in docker image gtstef/filebrowser:1.3.1-webdav-2. Details The issue stems from two flaws: 1. Tokenized download URLs are written into the...

7.5CVSS5.7AI score0.00544EPSS
Exploits2References5
Rows per page
Query Builder