Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.14 views

CVE-2026-33146

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.4AI score0.00213EPSS
Exploits2References1
EUVD
EUVD
added 2026/05/28 3:27 a.m.12 views

EUVD-2026-32702

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References10
NVD
NVD
added 2026/04/14 10:16 p.m.8 views

CVE-2026-33146

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS0.00213EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/04/14 9:36 p.m.22 views

CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS0.00213EPSS
Exploits2References1
EUVD
EUVD
added 2026/04/14 9:36 p.m.10 views

EUVD-2026-22750

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/04/14 9:36 p.m.5 views

CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:36 p.m.9 views

CVE-2026-33146

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2026/04/14 9:36 p.m.11 views

CVE-2026-33146

Docmost (open-source wiki/docs) contains an authorization bypass vulnerability affecting versions 0.70.0–0.70.2. unauthenticated users can access restricted child page titles and text snippets via the public search endpoint POST /api/search/share-search, exposing content that should be hidden. Th...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

Docmost 授权问题漏洞

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.70.0 to 0.70.2 have a vulnerability related to authorization issues. This vulnerability stems from an authorization bypass issue, allowing unauthorized users to enumerate and...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32928

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References4
Snyk
Snyk
added 2025/07/14 8:41 p.m.3 views

Information Exposure

Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Information Exposure via the user details API endpoint. An attacker can obtain basic information about users, such as name, affiliation, and email, by...

6.5CVSS6.4AI score0.00565EPSS
Exploits2References2
OSV
OSV
added 2021/08/23 11:15 p.m.4 views

CVE-2021-39599

Multiple Cross Site Scripting XSS vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in 1 public/search.php and in the 2 c parameter in admin.php...

6.1CVSS5.8AI score0.00641EPSS
Exploits1References1
Openbugbounty
Openbugbounty
added 2018/06/26 2:26 a.m.8 views

wehrhahn-verlag.de XSS vulnerability

Open Bug Bounty ID: OBB-636711 Description| Value ---|--- Affected Website:| wehrhahn-verlag.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
ThreatPost
ThreatPost
added 2009/04/03 1:29 p.m.12 views

Public search engines mine private Facebook details

From DarkReading Kelly Jackson Higgins Another reason to be careful what you post on Facebook: All it takes is a simple Google search, and phishers and marketers can glean a treasure trove of private information darkreading.com based on relationships among Facebook “friends,” according to new...

0.9AI score
Exploits0References5
Rows per page
Query Builder