Lucene search
K

6 matches found

NVD
NVD
added 2026/06/25 7:16 p.m.8 views

CVE-2026-56772

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS0.00204EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 6:8 p.m.15 views

CVE-2026-56772

NewsBlur

5.3CVSS6AI score0.00204EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:7 p.m.7 views

CVE-2026-56771

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5CVSS6AI score0.00204EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 6:7 p.m.13 views

CVE-2026-56771

NewsBlur prior to 14.5.0 is affected by an SSRF in the add_url endpoint. The issue lets authenticated users trigger arbitrary server requests to internal networks by failing to filter private IPs, potentially reaching localhost services and cloud metadata endpoints. This enables internal network ...

8.5CVSS6AI score0.00204EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52545

Name of the Vulnerable Software and Affected Versions NewsBlur versions prior to 14.5.0 Description Authenticated users can perform server-side request forgery SSRF via the 'add url' endpoint. This occurs because the application fails to filter private IP addresses, allowing arbitrary server...

8.5CVSS5.9AI score0.00204EPSS
Exploits0References7
HackRead
HackRead
added 2021/06/28 4:17 p.m.40 views

Hacker wipes out database of RSS newsreader service NewsBlur

By Deeba Ahmed Personal newsreader NewsBlur service has been restored after a hacker wiped out MongoDB data that was exposed to public access. This is a post from HackRead.com Read the original post: Hacker wipes out database of RSS newsreader service NewsBlur...

3.2AI score
Exploits0
Rows per page
Query Builder