Lucene search
K

14 matches found

NVD
NVD
added 2026/06/29 6:16 p.m.9 views

CVE-2026-57946

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain th...

6.3CVSS0.00272EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 5:18 p.m.21 views

CVE-2026-57946

CVE-2026-57946 affects Invidious prior to version 2.20260626.0. A broken access control allows unauthenticated attackers to fetch private playlist contents by requesting the RSS feed playlist endpoint with a playlist ID, exposing the full playlist, owner email address, and associated video entrie...

6.3CVSS5.8AI score0.00272EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 5:18 p.m.35 views

CVE-2026-57946 Invidious - Private Playlist Disclosure via Unauthenticated RSS Feed Endpoint

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain th...

6.3CVSS0.00272EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 5:18 p.m.8 views

EUVD-2026-40163

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain th...

6.3CVSS5.8AI score0.00272EPSS
Exploits0References5
NVD
NVD
added 2026/06/18 6:16 a.m.15 views

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

4.3CVSS0.00243EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:31 a.m.5 views

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

4.3CVSS5.3AI score0.00243EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/18 4:31 a.m.29 views

CVE-2026-11357 Kadence Blocks <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor proData Localization

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

4.3CVSS0.00243EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.8 views

XWiki licensor application security vulnerability

XWiki licensor application is an extension for XWiki. A security vulnerability exists in XWiki licensor application. An attacker could use this vulnerability to obtain sensitive information, including the instance ID and the name and email of the license owner...

5.3CVSS6.6AI score0.00492EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.9 views

PT-2024-21295 · Xwiki · Xwiki Application Licensing

Name of the Vulnerable Software and Affected Versions: XWiki Application Licensing versions prior to 1.24.2 Description: The XWiki licensor application includes a public document Licenses.Code.LicenseJSON that exposes sensitive information, including the instance's id, first and last name, and...

5.3CVSS5.1AI score0.00492EPSS
Exploits0References8
Huntr
Huntr
added 2023/04/15 5:57 a.m.15 views

Account Owner Email Adrress Leakage Lead To Improper Access Control

Description hi team, when i try to create users for on https://public.tenant.kiwitcms.org/admin/auth/user//change/ i see that the users are not properly authenticated. i can create users with the same firstname,lastname, and email. normally, when we create the same users it should error with the...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.6 views

Mattermost 信息泄露漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from allowing an attacker with team administrator privileges to learn the team owner's email address in a response...

2.7CVSS5AI score0.00526EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.6 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from allowing an attacker with team administrator privileges to learn the team owner's email address in a response...

2.7CVSS5AI score0.00526EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/27 12:0 a.m.6 views

PT-2023-21044 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue concerns the failure of Mattermost to honor the ShowEmailAddress setting when responding to the "Regenerate Invite Id" API endpoint. This allows an attacker with team admin...

2.7CVSS3.4AI score0.00526EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/11/03 12:0 a.m.9 views

CVE-2022-42442 IBM Robotic Process Automation for Cloud Pak information disclosure

IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214...

6.4AI score0.00179EPSS
Exploits0References2
Rows per page
Query Builder