Lucene search
K

313 matches found

Snyk
Snyk
added 2026/03/26 7:6 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Antlers-enabled fields. An attacker can obtain sensitive application configuration values by inserting configuration variables into content fields accessible to content editors. Remediation Upgrade...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.8 views

PutYourLightsOn Sprig Plugin for Craft CMS 安全漏洞

PutYourLightsOn Sprig Plugin for Craft CMS is a plugin developed by the Austrian company PutYourLightsOn, designed for Craft CMS. It provides dynamic content updates and interactive features. Versions of the plugin prior to 2.15.2 and 3.15.2 contained security vulnerabilities. These vulnerabiliti...

5.5CVSS5.8AI score0.00253EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.9 views

Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

7.6CVSS5.8AI score0.0018EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/16 11:11 a.m.6 views

CVE-2026-2476 MS Teams plugin sensitive config values not properly masked in support packets

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

7.6CVSS6.4AI score0.0018EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/16 11:11 a.m.26 views

CVE-2026-2476 MS Teams plugin sensitive config values not properly masked in support packets

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

7.6CVSS0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:11 a.m.9 views

CVE-2026-2476

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

7.6CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.10 views

PT-2026-25680

Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions through 2.0.3.0 Description The Mattermost plugins do not properly mask sensitive configuration values. This allows an attacker with access to support packets to obtain original plugin settings through exported...

7.6CVSS5.8AI score0.0018EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.23 views

CVE-2017-20217 Serviio PRO 1.8 REST API Information Disclosure

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...

8.7CVSS0.00661EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/03/07 7:31 p.m.7 views

CVE-2026-2753

An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...

7.5CVSS6AI score0.00451EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/07 8:51 a.m.31 views

CVE-2026-24308 Apache ZooKeeper: Sensitive information disclosure in client configuration handling

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

0.01177EPSS
Exploits0References1
NVD
NVD
added 2026/03/06 3:16 p.m.14 views

CVE-2026-2753

An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...

7.5CVSS0.00451EPSS
Exploits0References2
CNVD
CNVD
added 2026/03/02 12:0 a.m.4 views

WordPress Plugin Web Accessibility by accessiBe Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Web Accessibility by...

5.3CVSS5.6AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:39 p.m.6 views

CVE-2026-26336

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...

8.7CVSS5.7AI score0.00306EPSS
Exploits1References1
NVD
NVD
added 2026/02/19 5:24 p.m.18 views

CVE-2026-26336

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...

8.7CVSS0.00306EPSS
Exploits1References3
CVE
CVE
added 2026/02/19 3:56 p.m.27 views

CVE-2026-26336

CVE-2026-26336 affects Hyland Alfresco. Unauthenticated attackers can read arbitrary files from protected directories (e.g., WEB-INF) via the /share/page/resource/ endpoint, causing disclosure of sensitive configuration files. The issue stems from improper access control on the resource endpoint,...

8.7CVSS5.7AI score0.00306EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.14 views

PT-2026-20869

Name of the Vulnerable Software and Affected Versions Hyland Alfresco affected versions not specified Description An unauthenticated attacker can read arbitrary files from protected directories, such as WEB-INF, by accessing the /share/page/resource/ API endpoint. This can lead to the disclosure ...

8.7CVSS5.6AI score0.00306EPSS
Exploits1References8
Packet Storm
Packet Storm
added 2026/02/17 12:0 a.m.268 views

📄 n8n Workflow Automation Remote Configuration / Admin Data Extraction

This Metasploit module exploits multiple vulnerabilities in n8n workflow automation tool. It leverages a file read vulnerability to steal encryption keys and database, then uses stolen credentials to authenticate and execute arbitrary commands via the Execute Command node...

10CVSS9AI score0.71647EPSS
Exploits18
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.32 views

CVE-2020-37088 School ERP Pro 1.0 - Arbitrary File Read

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...

8.7CVSS0.02564EPSS
Exploits1References4
Snyk
Snyk
added 2026/01/27 10:15 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...

7.2CVSS5.9AI score0.00342EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.7 views

CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS5.3AI score0.0011EPSS
Exploits0References1
Rows per page
Query Builder