Lucene search
K

47 matches found

CVE
CVE
added 4 days ago10 views

CVE-2026-59155

Nezha Monitoring (self-hosted) had a credential exposure flaw prior to version 2.2.5. The GET endpoints /api/v1/ddns and /api/v1/notification returned full resource objects that included plaintext third-party API credentials (Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram ...

6.9CVSS6.1AI score0.00304EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.8 views

CVE-2026-58419

Notification API leaks private issue metadata after access revocation...

7.5CVSS0.00298EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.7 views

CVE-2026-58419

Notification API leaks private issue metadata after access revocation...

5.9AI score0.00298EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/07/03 8:54 p.m.40 views

CVE-2026-58419 Notification API leaks private issue metadata after access revocation

Notification API leaks private issue metadata after access revocation...

0.00298EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 4:16 a.m.19 views

CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

6.3CVSS0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:46 a.m.7 views

CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 2:46 a.m.27 views

CVE-2026-2254

CVE-2026-2254 affects Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x. The issue is that ACLs are not applied on certain API endpoints related to platform mail notifications, allowing potential improper access. The documented C...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.4 views

CVE-2026-34759

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

9.2CVSS5.8AI score0.006EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/02 6:50 p.m.3 views

CVE-2026-34759 OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

9.2CVSS5.8AI score0.006EPSS
Exploits1References3
CVE
CVE
added 2026/04/02 6:50 p.m.24 views

CVE-2026-34759

Affected software: OneUptime Open Source platform (prior to v10.0.42). Vulnerability: Multiple notification API endpoints were registered without authentication middleware, exposing /notification/ and enabling an unauthenticated attacker to exploit a projectId leak from the public Status Page API...

9.2CVSS5.8AI score0.006EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/02 6:50 p.m.20 views

CVE-2026-34759 OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

9.2CVSS0.006EPSS
Exploits1References3
OSV
OSV
added 2026/01/22 10:1 p.m.5 views

CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.9AI score0.00344EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.8 views

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. There is a security vulnerability in Gitea, which stems from the notification API not revalidating the repository access permissions when returning notification details. This allows users to still view issues a...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/12/19 3:37 p.m.3 views

CVE-2025-34433

AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...

9.3CVSS6.6AI score0.01457EPSS
Exploits2References6Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-5923

Malware in sbrugna...

10CVSS8.7AI score0.02173EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-35284

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00393EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:45 a.m.10 views

CVE-2023-30946

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UU...

4.3CVSS6.9AI score0.00393EPSS
Exploits0References1
NVD
NVD
added 2023/06/29 7:15 p.m.24 views

CVE-2023-30946

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UU...

4.3CVSS4.2AI score0.00393EPSS
Exploits0References1
Prion
Prion
added 2023/06/29 7:15 p.m.22 views

Code injection

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UU...

4CVSS4.7AI score0.00393EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder