Lucene search
K

29 matches found

Snyk
Snyk
added 2026/06/10 6:20 p.m.5 views

Improper Restriction of Security Token Assignment

Overview Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment due to the failure to invalidate previously issued administrative tokens after an administrator account is suspended, deleted, or deactivated. An attacker can maintain unauthorized acces...

8.6CVSS5.3AI score0.00448EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 4:16 p.m.10 views

CVE-2026-25700

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

7.2CVSS0.00448EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.14 views

CVE-2026-34031

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 2:57 p.m.10 views

CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

5.4AI score0.00448EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.16 views

CVE-2026-25699

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

6.1CVSS5.4AI score0.00406EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/09 10:23 a.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 9:16 a.m.13 views

CVE-2026-34905

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

6.5CVSS0.00325EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 9:16 a.m.14 views

CVE-2026-25688

Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are...

6.1CVSS0.00406EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 7:35 a.m.10 views

EUVD-2026-35372

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

6.5CVSS5.4AI score0.00325EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 7:35 a.m.38 views

CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

0.00325EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 7:34 a.m.11 views

EUVD-2026-35370

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 7:34 a.m.8 views

CVE-2026-33582 Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...

5.4AI score0.00479EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47713

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description Timeline-related APIs lack proper authorization checks, which allows authenticated users to access content that is private, deleted, or unapproved, as well as its associated revision history...

6.1CVSS5.2AI score0.00406EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47718

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The unlisted question feature fails to enforce access restrictions on direct API endpoints. This allows authenticated users to discover and access unlisted questions, including their answers,...

6.5CVSS5.2AI score0.00325EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47717

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description An issue exists where user-supplied content is included in notification emails without proper escaping. This allows authenticated users to perform Cross-Site Scripting XSS, which is the injecti...

5.4CVSS5.3AI score0.00372EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in node-get-func-name

get-func-name is a module that securely and consistently retrieves the name of a function, both in Node.js and in the browser. Versions prior to 2.0.1 are vulnerable to a denial-of-service attack caused by regular expressions, which can lead to a denial of service when parsing malicious input. Th...

8.6CVSS6.2AI score0.01114EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/12 9:31 p.m.11 views

Symlink Attack

Overview github.com/hashicorp/nomad is a workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Affected versions of this package are vulnerable to Symlink Attack via shared task log directory. An attacker can read and write arbitrar...

6CVSS5.9AI score0.00169EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:41 p.m.9 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...

8.7CVSS5.5AI score0.00453EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/06 5:59 p.m.19 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect through the redirecturi parameter in multiple endpoints ForgotPassword, MagicLinkLogin, Signup, InviteMembers, OAuthLoginHandler, VerifyEmailHandler which is not validated against AllowedOrigins. An attacker can obtain...

8.6CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-29625

Malicious code in bioql PyPI...

9.6CVSS6.5AI score0.00398EPSS
Exploits1References2
Rows per page
Query Builder