Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2026/02/26 2:58 p.m.5 views

CVE-2026-26077 Discourse doesn't ensure webhooks require a token

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints SendGrid, Mailjet, Mandrill, Postmark, SparkPost in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 2:58 p.m.21 views

CVE-2026-26077 Discourse doesn't ensure webhooks require a token

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints SendGrid, Mailjet, Mandrill, Postmark, SparkPost in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

6.5CVSS0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 2:58 p.m.7 views

CVE-2026-26077

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints SendGrid, Mailjet, Mandrill, Postmark, SparkPost in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/02/26 2:58 p.m.7 views

EUVD-2026-8854

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints SendGrid, Mailjet, Mandrill, Postmark, SparkPost in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/02/26 2:58 p.m.26 views

CVE-2026-26077

CVE-2026-26077 – Discourse webhook authentication bypass . Affects Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, where several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token whe...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-27741

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:12 a.m.6 views

CVE-2023-23654

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SparkPost plugin = 3.2.5 versions...

5.9CVSS5.6AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2023/05/15 12:15 p.m.12 views

CVE-2023-23654

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SparkPost plugin = 3.2.5 versions...

5.9CVSS5.4AI score0.00392EPSS
Exploits0References1
OSV
OSV
added 2023/05/15 12:15 p.m.4 views

CVE-2023-23654

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SparkPost plugin = 3.2.5 versions...

4.8CVSS7.3AI score0.00392EPSS
Exploits0References1
Prion
Prion
added 2023/05/15 12:15 p.m.14 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SparkPost plugin = 3.2.5 versions...

4.3CVSS4.8AI score0.00392EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/15 11:40 a.m.15 views

CVE-2023-23654 WordPress SparkPost Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SparkPost plugin = 3.2.5 versions...

5.9CVSS5.6AI score0.00392EPSS
Exploits0References1
CVE
CVE
added 2023/05/15 11:40 a.m.44 views

CVE-2023-23654

CVE-2023-23654 affects WordPress SparkPost plugin versions = 3.2.6 or apply vendor mitigation. Public references note the vulnerability exists in SparkPost plugin for WordPress and has been tracked by Patchstack and other CVE responders. If exploiting in the wild, CVSS details vary by source; dis...

5.9CVSS5.1AI score0.00392EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/05/15 12:0 a.m.1 views

WordPress plugin SparkPost 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.9CVSS6.3AI score0.00392EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/04/19 12:0 a.m.24 views

SparkPost <= 3.2.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2023/04/19 12:0 a.m.12 views

WordPress SparkPost Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)

Software SparkPost Type Plugin Vulnerable versions = 3.2.5 Fixed in 3.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23654 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID acbfe9901d1c Credits Rio Darmawan Required privile...

5.9CVSS6AI score0.00392EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder