14 matches found
CVE-2026-33146
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
EUVD-2026-32702
The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...
CVE-2026-33146
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
EUVD-2026-22750
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
CVE-2026-33146
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
CVE-2026-33146
Docmost (open-source wiki/docs) contains an authorization bypass vulnerability affecting versions 0.70.0–0.70.2. unauthenticated users can access restricted child page titles and text snippets via the public search endpoint POST /api/search/share-search, exposing content that should be hidden. Th...
Docmost 授权问题漏洞
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.70.0 to 0.70.2 have a vulnerability related to authorization issues. This vulnerability stems from an authorization bypass issue, allowing unauthorized users to enumerate and...
PT-2026-32928
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
Information Exposure
Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Information Exposure via the user details API endpoint. An attacker can obtain basic information about users, such as name, affiliation, and email, by...
CVE-2021-39599
Multiple Cross Site Scripting XSS vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in 1 public/search.php and in the 2 c parameter in admin.php...
wehrhahn-verlag.de XSS vulnerability
Open Bug Bounty ID: OBB-636711 Description| Value ---|--- Affected Website:| wehrhahn-verlag.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Public search engines mine private Facebook details
From DarkReading Kelly Jackson Higgins Another reason to be careful what you post on Facebook: All it takes is a simple Google search, and phishers and marketers can glean a treasure trove of private information darkreading.com based on relationships among Facebook “friends,” according to new...