Lucene search
+L

126 matches found

EUVD
EUVD
added 2026/06/29 5:19 p.m.8 views

EUVD-2026-40165

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 5:19 p.m.19 views

CVE-2026-57948

Pinpoint (through version 3.1.0) has an insecure session management vulnerability where the pinpointJwt cookie lacks HttpOnly and Secure attributes. This allows JavaScript access via document.cookie and cleartext transmission over HTTP, enabling potential exfiltration of the session token via sto...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/29 5:19 p.m.7 views

CVE-2026-57948 Pinpoint - Insecure Session Cookie Attributes in pinpointJwt

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:19 p.m.4 views

CVE-2026-57948 Pinpoint - Insecure Session Cookie Attributes in pinpointJwt

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS5.8AI score0.00126EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:18 p.m.8 views

CVE-2026-57947

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to...

8.5CVSS5.8AI score0.00239EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/29 5:18 p.m.9 views

CVE-2026-57947 Pinpoint - Server-Side Request Forgery via Alarm Webhook Registration

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to...

8.5CVSS5.8AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 5:18 p.m.18 views

CVE-2026-57947

Pinpoint (through 3.1.0) has a server-side request forgery in the webhook registration endpoint. Authenticated users can register internal URLs due to missing SSRF protection, potentially causing the server to issue POST requests to internal hosts and metadata endpoints, enabling unauthorized acc...

8.5CVSS5.8AI score0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 5:18 p.m.42 views

CVE-2026-57947 Pinpoint - Server-Side Request Forgery via Alarm Webhook Registration

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to...

8.5CVSS0.00239EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.17 views

PT-2026-53666

Name of the Vulnerable Software and Affected Versions Pinpoint versions prior to 3.1.1 Description Insecure session management occurs because the pinpointJwt session cookie lacks HttpOnly and Secure attributes. This allows the cookie to be accessed via JavaScript through document.cookie and...

7.6CVSS5.8AI score0.00126EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/29 2:48 p.m.7 views

CVE-2026-39678

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...

5.3CVSS5.1AI score0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.5 views

EUVD-2026-20359

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.3 views

CVE-2026-39678

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...

5.3CVSS0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.26 views

CVE-2026-39678 WordPress Pinpoint Booking System plugin <= 2.9.9.6.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...

5.3CVSS0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.1 views

CVE-2026-39678 WordPress Pinpoint Booking System plugin <= 2.9.9.6.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...

5.9AI score0.0019EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.15 views

CVE-2026-39678

Technical details are not publicly available in the provided documents for CVE-2026-39678. Monitor for updates .

5.3CVSS5.9AI score0.0019EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39678

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...

5.9AI score0.0019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31240

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

WordPress plugin Pinpoint Booking System 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/02/28 12:14 a.m.7 views

ch.acanda.maven:code-analysis-maven-plugin (>=1.6.0 <=1.27.0), com.jpinpoint.sonar:sonar-pmd-jpinpoint (>=2.0.0 <=2.1.1) +116 more potentially affected by CVE-2026-28338 via net.sourceforge.pmd:pmd-core (>=7.0.0-rc1 <=7.21.0)

net.sourceforge.pmd:pmd-core MAVEN version =7.0.0-rc1, =1.6.0, =2.0.0, =0.25.1, =0.25.1, =1.0.0, =0.5.6, =0.5.41, =12.2.0, =3.31.0, =0.7.0, =0.67.2, =0.67.2, =2.0.0, =0.1.0, =0.1.19 and more Source cves: CVE-2026-28338 Source advisory: SNYK:JAVA-NETSOURCEFORGEPMD-15365925...

6.8CVSS5.8AI score0.00297EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.18 views

CVE-2023-25062

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin = 2.9.9.2.8 versions...

5.9CVSS5.2AI score0.00509EPSS
Exploits0References1
Rows per page
Query Builder