Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:3 a.m.7 views

CVE-2024-39314

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

4.7CVSS7.2AI score0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-37897

Malicious code in bioql PyPI...

4.7CVSS6.6AI score0.00174EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:28 a.m.8 views

CVE-2024-39313

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...

6.5CVSS6.8AI score0.00367EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/01 9:33 p.m.16 views

CVE-2024-39314 toy-blog administrative token leaked through the command line parameter

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

4.7CVSS7.2AI score0.00174EPSS
Exploits0References2
OSV
OSV
added 2024/07/01 9:33 p.m.10 views

CVE-2024-39314 toy-blog administrative token leaked through the command line parameter

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

4.7CVSS7.1AI score0.00174EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/07/01 9:33 p.m.33 views

CVE-2024-39314 toy-blog administrative token leaked through the command line parameter

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

4.7CVSS0.00174EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/01 9:23 p.m.17 views

CVE-2024-39313 toy-blog Improper Input Validation vulnerability

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...

6.5CVSS6.8AI score0.00367EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/01 9:23 p.m.35 views

CVE-2024-39313 toy-blog Improper Input Validation vulnerability

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...

6.5CVSS0.00367EPSS
Exploits0References2
CVE
CVE
added 2024/07/01 9:23 p.m.49 views

CVE-2024-39313

Summary: CVE-2024-39313 affects toy-blog before 0.6.1, where articles with private visibility could be read without providing credentials. The root cause is improper access control for private posts. Impact is unauthorized disclosure of private content (permitted read is described as the primary ...

6.5CVSS6.4AI score0.00367EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/07/01 9:23 p.m.14 views

CVE-2024-39313 toy-blog Improper Input Validation vulnerability

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...

6.5CVSS6.7AI score0.00367EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.7 views

toy-blog Security Breach

toy-blog is a CMS system by the individual developer Kisaragi. A security vulnerability exists in toy-blog versions prior to 0.4.3 to 0.5.0, which stems from the disclosure of the administrative password via a command line parameter...

4.7CVSS6.9AI score0.00174EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.6 views

toy-blog Security Breach

toy-blog is a CMS system by the individual developer Kisaragi. A security vulnerability exists in toy-blog versions prior to 0.5.4 through 0.6.1, which stems from the ability to read articles with private visibility if the reader does not set the requested credentials...

6.5CVSS6.7AI score0.00367EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/01 12:0 a.m.4 views

PT-2024-28437 · Toy-Blog · Toy-Blog

Name of the Vulnerable Software and Affected Versions: toy-blog versions 0.5.4 through 0.6.0 Description: The issue allows articles with private visibility to be read without proper credentials. This can lead to unauthorized access to sensitive information. Users are advised to upgrade to a newer...

6.5CVSS7AI score0.00367EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/01 12:0 a.m.8 views

PT-2024-28438 · Toy-Blog · Toy-Blog

Name of the Vulnerable Software and Affected Versions: toy-blog versions 0.4.3 through 0.4.14 toy-blog versions prior to 0.4.14 Description: The administrative password is leaked through the command line parameter. This issue was patched in version 0.5.0. Recommendations: For versions 0.4.14 and...

4.7CVSS7.4AI score0.00174EPSS
Exploits0References4
Rows per page
Query Builder