Lucene search
+L

6 matches found

nvd
nvd
added 2026/06/25 7:16 p.m.10 views

CVE-2026-56772

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS0.00204EPSS
Exploits0References3
euvd
euvd
added 2026/06/25 6:8 p.m.6 views

EUVD-2026-39525

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS6AI score0.00204EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/25 6:8 p.m.21 views

CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS0.00204EPSS
Exploits0References3
osv
osv
added 2026/06/25 6:8 p.m.2 views

CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS6AI score0.00204EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/25 6:8 p.m.7 views

CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS6AI score0.00204EPSS
Exploits0References3
cve
cve
added 2026/06/25 6:8 p.m.17 views

CVE-2026-56772

NewsBlur

5.3CVSS6AI score0.00204EPSS
Exploits0References3
Rows per page
Query Builder