Lucene search
+L

526 matches found

Vulnrichment
Vulnrichment
added 2026/03/10 7:44 p.m.2 views

CVE-2026-29113 Craft has a potential information disclosure vulnerability in preview tokens

Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...

2.3CVSS5.8AI score0.00174EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 7:44 p.m.2 views

CVE-2026-29113

Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...

2.3CVSS5.8AI score0.00174EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/10 7:44 p.m.33 views

CVE-2026-29113 Craft has a potential information disclosure vulnerability in preview tokens

Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...

2.3CVSS0.00174EPSS
Exploits0References2
CVE
CVE
added 2026/03/10 7:44 p.m.17 views

CVE-2026-29113

Craft CMS prior to versions 4.17.4 and 5.9.7 suffers a CSRF flaw in the preview token endpoint (/actions/preview/create-token). The endpoint accepts an attacker-supplied previewToken without requiring a CSRF token, allowing a logged-in editor to mint a preview token chosen by an attacker. The att...

4.3CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/10 7:44 p.m.4 views

CVE-2026-29113 Craft has a potential information disclosure vulnerability in preview tokens

Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...

2.3CVSS5.8AI score0.00174EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/10 6:22 p.m.10 views

Craft CMS has a potential information disclosure vulnerability in preview tokens

Summary Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an attacker can force a logged-in victim editor to mint a preview...

4.3CVSS5.8AI score0.00174EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/10 6:22 p.m.6 views

GHSA-VG3J-HPM9-8V5V Craft CMS has a potential information disclosure vulnerability in preview tokens

Summary Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an attacker can force a logged-in victim editor to mint a preview...

2.3CVSS5.8AI score0.00174EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24638

Summary Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an attacker can force a logged-in victim editor to mint a preview...

5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.8 views

PT-2026-24403

Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...

2.3CVSS5.8AI score0.00174EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.6 views

CVE-2026-30829

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...

5.3CVSS5.7AI score0.00386EPSS
Exploits1References1
NVD
NVD
added 2026/03/07 6:16 a.m.10 views

CVE-2026-30829

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...

5.3CVSS0.00386EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/07 5:46 a.m.7 views

CVE-2026-30829

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...

5.3CVSS5.7AI score0.00386EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/07 5:46 a.m.30 views

CVE-2026-30829 Checkmate: Unauthenticated Access to Unpublished Status Page

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...

5.3CVSS0.00386EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/07 5:46 a.m.3 views

CVE-2026-30829 Checkmate: Unauthenticated Access to Unpublished Status Page

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...

5.3CVSS5.7AI score0.00386EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/07 5:46 a.m.10 views

EUVD-2026-10117

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...

5.3CVSS5.7AI score0.00386EPSS
Exploits1References1
CVE
CVE
added 2026/03/07 5:46 a.m.24 views

CVE-2026-30829

Checkmate is an open‑source self‑hosted tool for monitoring server hardware and incidents. Before version 3.4.0, the GET /api/v1/status-page/:url endpoint exposes full status page details without authentication or published-page checks, allowing access to unpublished pages and internal data to an...

5.3CVSS5.7AI score0.00386EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/07 5:46 a.m.4 views

CVE-2026-30829 Checkmate: Unauthenticated Access to Unpublished Status Page

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...

5.3CVSS5.8AI score0.00386EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.11 views

PT-2026-23831

Name of the Vulnerable Software and Affected Versions Checkmate versions prior to 3.4.0 Description An unauthenticated information disclosure issue exists in the GET /api/v1/status-page/:url endpoint. The endpoint does not enforce authentication or verify if a status page is published before...

5.3CVSS5.8AI score0.00386EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.19 views

Checkmate 信息泄露漏洞

Checkmate is an open-source, self-hosted tool developed by BlueWave. It aims to provide visually appealing real-time tracking and monitoring of server hardware, uptime, response times, and events. Versions of Checkmate prior to 3.4.0 contained a security vulnerability related to information...

5.3CVSS5.8AI score0.00386EPSS
Exploits1References1
Snyk
Snyk
added 2026/02/21 6:51 a.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation in the SAML SSO authentication process. An attacker can gain unauthorized access to user accounts by leveraging a malicious SAML Identity Provider and another organization configured on the same instance. Notes: - Thi...

9.1CVSS5.7AI score0.00435EPSS
Exploits0References2
Rows per page
Query Builder