CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

CVE-2026-2254

CVE-2026-2254 affects Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x. The issue is that ACLs are not applied on certain API endpoints related to platform mail notifications, allowing potential improper access. The documented C...

CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

CVE-2026-34759

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

CVE-2026-34759 OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

CVE-2026-34759

Affected software: OneUptime Open Source platform (prior to v10.0.42). Vulnerability: Multiple notification API endpoints were registered without authentication middleware, exposing /notification/ and enabling an unauthenticated attacker to exploit a projectId leak from the public Status Page API...

CVE-2026-34759 OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. There is a security vulnerability in Gitea, which stems from the notification API not revalidating the repository access permissions when returning notification details. This allows users to still view issues a...

CVE-2025-34433

AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...

EUVD-2020-5923

Malware in sbrugna...

EUVD-2023-35284

Malicious code in bioql PyPI...

CVE-2023-30946

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UU...

CVE-2023-30946

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UU...

Code injection

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UU...

CVE-2023-30946 Issues notification metadata lacks authorization

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UU...

Palantir Foundry Issues 安全漏洞

Palantir Foundry Issues is an application from Palantir USA. A security vulnerability exists in Palantir Foundry Issues prior to version 2.497.0 that stems from allowing unauthorized users to retrieve issue metadata from Foundry's notification API...

PT-2023-23077 · Unknown · Foundry Issues

Name of the Vulnerable Software and Affected Versions: Foundry Issues affected versions not specified Description: A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query...

SUSE CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

Mozilla Firefox Security Advisory (MFSA2014-42) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...