Lucene search
+L

9 matches found

cvelist
cvelist
added 2026/06/29 5:21 p.m.33 views

CVE-2026-57953 Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

5.4CVSS0.00249EPSS
Exploits0References4
osv
osv
added 2026/06/29 5:21 p.m.4 views

CVE-2026-57953 Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

5.3CVSS6AI score0.00249EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/04/03 8:12 p.m.4 views

CVE-2026-25742

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS5.8AI score0.00312EPSS
Exploits1References5Affected Software1
cvelist
cvelist
added 2026/04/03 8:12 p.m.18 views

CVE-2026-25742 Zulip: Anonymous File Access After Disabling Spectator Access

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS0.00312EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/04/03 8:12 p.m.2 views

CVE-2026-25742 Zulip: Anonymous File Access After Disabling Spectator Access

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS5.8AI score0.00312EPSS
Exploits1References4
euvd
euvd
added 2026/04/03 8:12 p.m.4 views

EUVD-2026-18835

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS5.8AI score0.00312EPSS
Exploits1References4
cve
cve
added 2026/04/03 8:12 p.m.14 views

CVE-2026-25742

Zulip CVE-2026-25742 affects versions before 11.6. Before 11.6, even with spectator access disabled (enable_spectator_access / WEB_PUBLIC_STREAMS_ENABLED), attachments from web-public streams could be retrieved anonymously, and the endpoint /users/me//topics remained reachable to expose topic his...

5.3CVSS5.8AI score0.00312EPSS
Exploits1References4Affected Software1
osv
osv
added 2026/04/03 8:12 p.m.2 views

CVE-2026-25742 Zulip: Anonymous File Access After Disabling Spectator Access

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS5.9AI score0.00312EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/04/03 12:0 a.m.6 views

PT-2026-30211

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enable spectator access / WEB PUBLIC STREAMS ENABLED is disabled, attachments originating from web-public...

5.3CVSS5.8AI score0.00312EPSS
Exploits1References5
Rows per page
Query Builder