
4 matches found

Positive Technologies
added 2026/05/29 12:0 a.m., 11 views

PT-2026-45061

Name of the Vulnerable Software and Affected Versions: PraisonAI Platform (affected versions not specified). Description: The server contains multiple authorization flaws. First, a cross-tenant Insecure Direct Object Reference (IDOR) exists because the require workspace member dependency only validates...

CVSS 9.4 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 7
EUVD
added 2026/03/12 2:49 p.m., 3 views

EUVD-2026-11371

StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation...

CVSS 6.8 | AI score 5.8 | EPSS 0.00344
Exploits: 1 | References: 2
NVD
added 2026/03/11 9:16 p.m., 4 views

CVE-2026-32103

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the POST /studiocmsapi/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account...

CVSS 7.2 | EPSS 0.00344
Exploits: 1 | References: 1
OSV
added 2026/03/11 8:6 p.m., 4 views

CVE-2026-32103 StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the POST /studiocmsapi/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account...

CVSS 6.8 | AI score 5.8 | EPSS 0.00344
Exploits: 1 | References: 3