Lucene search
K

7 matches found

CVE
CVE
added last week8 views

CVE-2026-55417

Chevereto (self-hosted media sharing) is affected in versions 3.7.5 up to before 4.5.4. The issue is that when a user enables private profile, the HTML route (/username) correctly returns 404, but the /json AJAX listing endpoint does not apply the same privacy check. An unauthenticated caller who...

6.9CVSS6AI score0.00249EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42280

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

7.1CVSS5.4AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 2:39 p.m.12 views

EUVD-2026-32533

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/06 5:5 p.m.9 views

Auth.js SDK has Improper Permission Checking

Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/19 9:52 p.m.6 views

CVE-2026-32099 Discourse prevents hidden profile data leak via user onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

4.3CVSS5.9AI score0.00302EPSS
Exploits0References3
NVD
NVD
added 2025/12/08 5:16 p.m.7 views

CVE-2025-48586

In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.0008EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/08 4:57 p.m.22 views

CVE-2025-48586

In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.0008EPSS
Exploits0References2
Rows per page
Query Builder