Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.4 views

CVE-2026-28508

Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...

9.2CVSS5.8AI score0.00628EPSS
Exploits1References1
NVD
NVD
added 2026/03/06 5:16 a.m.7 views

CVE-2026-28508

Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...

9.2CVSS0.00628EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/06 4:13 a.m.4 views

EUVD-2026-9984

Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...

9.2CVSS6AI score0.00628EPSS
Exploits1References2
OSV
OSV
added 2026/03/06 4:13 a.m.3 views

CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint

Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...

9.2CVSS5.9AI score0.00628EPSS
Exploits1References4
CVE
CVE
added 2026/03/06 4:13 a.m.20 views

CVE-2026-28508

CVE-2026-28508 affects Idno: prior to 1.6.4, a logic error in the API authentication flow and missing login requirement on the URL unfurl endpoint results in CSRF protection bypass for unauthenticated requests. An attacker can set X-IDNO-USERNAME and X-IDNO-SIGNATURE headers to trigger is_api_req...

9.2CVSS6AI score0.00628EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:24 p.m.12 views

Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint

Summary A logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server ...

9.2CVSS6.3AI score0.00628EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder