Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.5 views

CVE-2026-28508

Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...

9.2CVSS5.8AI score0.00628EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/06 4:13 a.m.3 views

CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint

Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...

9.2CVSS5.8AI score0.00628EPSS
Exploits1References2
OSV
OSV
added 2026/03/06 4:13 a.m.4 views

CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint

Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...

9.2CVSS5.9AI score0.00628EPSS
Exploits1References4
OSV
OSV
added 2026/03/02 9:24 p.m.7 views

GHSA-FCRH-FQXH-6FX6 Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint

Summary A logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server ...

9.2CVSS6.3AI score0.00628EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/02 9:24 p.m.12 views

Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint

Summary A logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server ...

9.2CVSS6.3AI score0.00628EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder