
14 matches found

Cvelist
added last week · 36 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

CVSS 4.3 · EPSS 0.00177
Exploits 0 · References 1
OSV
added 2026/06/16 11:41 p.m. · 4 views

GHSA-3FWP-P5RJ-2PXF Gitea: Missing repository-unit authorization on issue-template API endpoints

Summary Three Gitea API endpoints — GET /repos/owner/repo/issuetemplates, GET /repos/owner/repo/issueconfig and GET /repos/owner/repo/issueconfig/validate — read files from the repository's Code default branch .gitea/ISSUETEMPLATE/ and issueconfig.yaml and return their contents, but are registere...

CVSS 4.3 · AI score 5.3 · EPSS 0.00023
Exploits 0 · References 2
RedhatCVE
added 2026/06/05 7:25 p.m. · 9 views

CVE-2026-44884

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint GET...

CVSS 6.5 · AI score 5.4 · EPSS 0.00257
Exploits 1 · References 1
RedhatCVE
added 2026/05/13 8:22 p.m. · 11 views

CVE-2026-42461

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...

CVSS 8.7 · AI score 5.7 · EPSS 0.00309
Exploits 0 · References 1
EUVD
added 2026/05/09 3:30 a.m. · 11 views

EUVD-2026-28897

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...

CVSS 8.7 · AI score 5.8 · EPSS 0.00309
Exploits 0 · References 2
Snyk
added 2025/10/08 11:42 a.m. · 5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the idPage parameter. An attacker can retrieve, create, update, or delete database records by injecting crafted input in the /melis/MelisCms/PageEdition/getTinyTemplates endpoint. Remediation Upgrade...

CVSS 9.8 · AI score 7.9 · EPSS 0.00391
Exploits 2 · References 2
RedhatCVE
added 2025/08/20 1:35 p.m. · 11 views

CVE-2025-4962

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

CVSS 7.7 · AI score 7.2 · EPSS 0.00217
Exploits 0 · References 1
OSV
added 2025/08/18 2:15 p.m. · 5 views

CVE-2025-4962

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

CVSS 7.7 · AI score 6.7
Exploits 0 · References 2
NVD
added 2025/08/18 2:15 p.m. · 15 views

CVE-2025-4962

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

CVSS 7.7 · EPSS 0.00217
Exploits 0 · References 2
Cvelist
added 2025/08/18 1:27 p.m. · 21 views

CVE-2025-4962 IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

CVSS 7.7 · EPSS 0.00217
Exploits 0 · References 2
CVE
added 2025/08/18 1:27 p.m. · 31 views

CVE-2025-4962

CVE-2025-4962 describes an Insecure Direct Object Reference (IDOR) in Lunary API. The vulnerability exists in the endpoint POST /v1/templates and allows an authenticated user to create templates in another user’s project by manipulating the projectId query parameter. Root cause: missing server-si...

CVSS 7.7 · AI score 7.3 · EPSS 0.00217
Exploits 0 · References 2
Positive Technologies
added 2024/09/04 12:00 a.m. · 5 views

PT-2024-31405 · Jinja2 +1 · Jinja2 +1

Name of the Vulnerable Software and Affected Versions: Fides versions 2.19.0 through 2.43.x Description: The Email Templating feature in Fides uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

CVSS 9.1 · AI score 8.8 · EPSS 0.01342
Exploits 1 · References 11
Positive Technologies
added 2023/11/06 12:00 a.m. · 8 views

PT-2023-32113 · WordPress · Templately

Name of the Vulnerable Software and Affected Versions: Templately WordPress plugin versions prior to 2.2.6 Description: The issue concerns improper authorization of the saved-templates/delete API endpoint, allowing unauthenticated users to delete arbitrary posts. Recommendations: For versions pri...

CVSS 7.5 · AI score 8 · EPSS 0.00608
Exploits 2 · References 4
Positive Technologies
added 2021/09/02 12:00 a.m. · 4 views

PT-2021-22030 · WordPress · The Gutenberg Template Library & Redux Framework

Name of the Vulnerable Software and Affected Versions: The Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.12 Description: The issue concerns an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route. Specifically, t...

CVSS 7.1 · AI score 6.5 · EPSS 0.01341
Exploits 2 · References 4