Lucene search
K

33 matches found

EUVD
EUVD
added 2026/06/26 3:32 p.m.7 views

EUVD-2026-39654

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...

3.1CVSS5.8AI score0.00143EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 2:17 p.m.16 views

CVE-2026-57922

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...

5.3CVSS0.00143EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 12:38 p.m.22 views

CVE-2026-57922

CVE-2026-57922 affects JetBrains YouTrack prior to version 2026.2.16593, where project settings could be disclosed via MCP. The vulnerability is described as a disclosure of project settings, with no exploitation details provided. The documents imply a fix in version 2026.2.16593, but do not prov...

5.3CVSS5.8AI score0.00143EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/26 12:38 p.m.42 views

CVE-2026-57922

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...

3.1CVSS0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52702

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description An issue exists that allows the disclosure of project settings via the MCP. Recommendations Update to version 2026.2.16593...

5.3CVSS5.8AI score0.00143EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 1:24 p.m.10 views

EUVD-2026-34831

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

7.2CVSS5.3AI score0.00197EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 1:24 p.m.6 views

CVE-2026-50232

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

7.2CVSS5.3AI score0.00197EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 6:45 a.m.11 views

CVE-2026-7552 Geo Mashup <= 1.13.19 - Missing Authorization to Unauthenticated Plugin Settings Disclosure via 'geo_mashup_content' Parameter

The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to expose sensitive plugin...

5.3CVSS5.8AI score0.00333EPSS
Exploits0References11
Patchstack
Patchstack
added 2026/05/27 6:2 p.m.13 views

WordPress Geo Mashup plugin <= 1.13.19 - Missing Authorization to Unauthenticated Plugin Settings Disclosure vulnerability

Missing Authorization to Unauthenticated Plugin Settings Disclosure vulnerability discovered by t0ann9uy3n in WordPress Plugin Geo Mashup versions = 1.13.19...

5.3CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/05 8:49 p.m.7 views

GHSA-7JRR-XW9C-MJ39 Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Summary An authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret query parameter, causing the request to be treated as authenticated via the...

6.5CVSS5.7AI score0.00299EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/05 12:0 a.m.17 views

Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

An authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret query parameter, causing the request to be treated as authenticated via the...

6.5CVSS5.8AI score0.00299EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/05/04 8:8 p.m.38 views

CVE-2026-42220 nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

6.5CVSS0.00299EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/04 8:8 p.m.7 views

CVE-2026-42220 nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

6.5CVSS5.7AI score0.00299EPSS
Exploits1References2
CVE
CVE
added 2026/05/04 8:8 p.m.22 views

CVE-2026-42220

Nginx UI (nginx-ui) prior to version 2.3.8 exposes a vulnerability where an authenticated user can call GET /api/settings to retrieve sensitive values, including node.secret. The node.secret is accepted by AuthRequired() via the X-Node-Secret header (or node_secret query parameter), allowing the ...

6.5CVSS5.7AI score0.00299EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2025/12/17 7:12 a.m.9 views

WordPress WP Social Ninja plugin <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification vulnerability

Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification vulnerability discovered by shark3y in WordPress Plugin WP Social Ninja versions = 4.0.1...

6.5CVSS6.7AI score0.00217EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/12/04 8:42 p.m.17 views

CVE-2024-58277

CVE-2024-58277 affects the R Radio Network FM Transmitter v1.07, where an unauthenticated actor can access the admin password via the system.cgi endpoint, enabling authentication bypass and FM station setup access. Public sources (Zero Science Lab) describe an improper access control allowing dis...

8.7CVSS7AI score0.0039EPSS
Exploits1References3
OSV
OSV
added 2025/07/28 5:15 p.m.6 views

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...

4.3CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/07/28 5:15 p.m.6 views

CVE-2025-54532

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies...

4.3CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/28 4:20 p.m.10 views

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...

4.3CVSS0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/28 4:20 p.m.3 views

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...

4.3CVSS6.5AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder