Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/05/06 11:2 p.m.9 views

Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

A redirect route rule like: ts routeRules: "/legacy/": redirect: "/" is intended to rewrite paths within the same host. Before the patch, an attacker could turn the rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. Example exploit: GET /legacy//evil.com Nitro...

6.1CVSS5.8AI score0.00237EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 11:1 p.m.8 views

Nitro has a proxy scope bypass via percent-encoded path traversal in `routeRules`

A proxy route rule like: ts routeRules: "/api/orders/": proxy: to: "http://upstream/orders/" is intended to limit the proxy to URLs under /api/orders/. Before the patch, an attacker could bypass that scope by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a...

5.3CVSS5.8AI score0.00392EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 10:40 p.m.10 views

pyquorum: Timing side‑channel in mul_mod

Impact The mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of secret‑sharing operations e.g., via a remote service could progressively recover the valu...

6.9CVSS6AI score0.00314EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:39 p.m.8 views

MediaMTX affected by CVE-2026-27143 due to vulnerable dependency

Summary Release 1.17.1 seems affected by CVE-2026-27143. golang 1.25.9 Seems to solve the issue. Is there any new release planned? Details See https://nvd.nist.gov/vuln/detail/CVE-2026-27143...

9.8CVSS5.8AI score0.00536EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:32 p.m.9 views

opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

Summary A server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any OpenTelemetry receiver that uses auth: azureauth. The extension's Authenticate metho...

8.1CVSS5.8AI score0.00222EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:31 p.m.8 views

misp-modules website - Missing CSRF protection in the website home blueprint

A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of sessi...

9.3CVSS5.8AI score0.00185EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:31 p.m.10 views

misp-modules has nsafe remote resource fetching in expansion

An unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally...

5.8CVSS6AI score0.00102EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:26 p.m.15 views

fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver

Summary A critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an empty string '', for example via the common keysdecoded.header.ki...

9.1CVSS6AI score0.00236EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:22 p.m.6 views

Lemmy may expose private community data through community, saved, liked, and modlog API views

NOTE: Only affects development version. Summary Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alic...

5.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:12 p.m.12 views

Private Lemmy instances expose multi-community metadata without authentication

NOTE: Only affects development version. Summary readmulticommunity does not enforce the private-instance setting. On a private instance, an unauthenticated visitor can read multi-community names, titles, summaries, sidebars, owner identities, and member community lists. Details Other read handler...

5.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:11 p.m.9 views

Kyverno policy-reporter-ui has XSS via Stored Property Values in PropertyCard Component

Summary Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses v-html for the else branch of the URL check, meaning any non-URL string value flows...

6.1CVSS6AI score0.00183EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:10 p.m.12 views

Daptin fuzzy search injects unvalidated column name into raw SQL

Summary processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no column whitelist check. The entry point is GET /api/ with...

7.1CVSS6.1AI score0.00305EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:8 p.m.8 views

PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)

TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...

8.4CVSS5.9AI score0.00246EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:8 p.m.29 views

PraisonAI has an SSRF bypass

Summary The URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. Details The current PraisonAI project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...

9.8CVSS5.9AI score0.00378EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:6 p.m.11 views

aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)

Impact aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 and later ==3.11.8 in requirements.txt but setup.py carried a hard-coded duplicate requirements = ... list that was never updated and still pinned orjson==3.11.4. When setuptools builds the source distribution it reads the metadata fro...

7.5CVSS6.2AI score0.0055EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:59 p.m.12 views

Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds`

Summary A missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belongi...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:58 p.m.12 views

GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath

GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, but Git still accepts an indented core stanza as a section header — so the injected core.hooksPa...

7.8CVSS6AI score0.00237EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:56 p.m.29 views

python-multipart has Denial of Service via unbounded multipart part headers

Summary python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many...

7.5CVSS5.8AI score0.00549EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:55 p.m.9 views

rmcp Streamable HTTP server transport has a DNS rebinding vulnerability

Summary Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running...

8.8CVSS6.3AI score0.00213EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:52 p.m.19 views

kube-router: GoBGP gRPC Admin Port Exposed on Node Primary IP Without Authentication, Allowing Cluster-Wide BGP Route Injection

Summary When the kube-router routing controller starts --run-router, it binds the GoBGP gRPC management server to the node's primary IP e.g., 192.168.1.10:50051 in addition to 127.0.0.1:50051. The default admin port is 50051 and the server is enabled by default with no TLS and no authentication...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:49 p.m.15 views

rpassword affected by partial password reveal when input is interrupted

rpassword maintainers were made aware of a possible issue with a partial password reveal when input is interrupted. To quote @squell: @conradkleinespel I've confirmed this problem with SequoiaPGP, which I think uses rpassword, e.g.: Suppose we use pkill -9 sq in a different terminal right after t...

5.7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:45 p.m.10 views

vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

Summary The extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters...

6.5CVSS5.8AI score0.00367EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:45 p.m.16 views

Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup

Summary On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the configured template directory. Details The root cause is a...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:43 p.m.13 views

JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with ...

9.6CVSS6.4AI score0.00386EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 9:41 p.m.8 views

Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users

Summary Multiple classes evaluate Spring Expression Language SpEL expressions from user-supplied input using StandardEvaluationContext, which provides unrestricted access to Java types and methods. An authenticated user with the ADMIN role can achieve Remote Code Execution and credential...

9.1CVSS6AI score0.00576EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/06 9:39 p.m.12 views

Flight vulnerable to sensitive information disclosure via default error handler

Summary The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:38 p.m.12 views

Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass

Summary Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET request can silently become a DELETE or PUT, enabling CSRF...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:35 p.m.14 views

Flight vulnerable to SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete

Summary SimplePdo::insert, SimplePdo::update, and SimplePdo::delete build SQL statements by concatenating the $table argument and the keys of the $data array directly into the query, with no identifier quoting and no validation. When an application forwards user-controlled data shapes to these...

8.8CVSS6AI score0.00396EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:34 p.m.10 views

Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root

Summary The make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect...

4.4CVSS5.8AI score0.00154EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:34 p.m.14 views

Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()

Summary Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...

8.6CVSS5.9AI score0.00341EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.11 views

Duplicate Advisory: OpenClaw validates Zalo outbound photo URLs through the SSRF guard

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2hh7-c75g-qj2r. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto functio...

8.6CVSS5.7AI score0.00291EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.12 views

Duplicate Advisory: OpenClaw: Feishu webhook and card-action validation now fail closed

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xh72-v6v9-mwhc. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validatio...

9.8CVSS6AI score0.00718EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.11 views

Duplicate Advisory: OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2gvc-4f3c-2855. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.23 views

Duplicate Advisory: OpenClaw: Workspace dotenv could override runtime-control environment variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hxvm-xjvf-93f3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace...

8.5CVSS5.7AI score0.00129EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.11 views

Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xmxx-7p24-h892. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain...

9.8CVSS5.7AI score0.0054EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.18 views

Duplicate Advisory: OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f7fh-qg34-x2xh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket...

7.7CVSS5.9AI score0.00265EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.9 views

Duplicate Advisory: OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h3g-6xhh-rg6p. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that...

8.3CVSS5.7AI score0.00208EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.16 views

Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c4qg-j8jg-42q5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skip...

6.3CVSS5.7AI score0.00236EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.13 views

Duplicate Advisory: OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r77c-2cmr-7p47. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media...

6.5CVSS5.7AI score0.00214EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.16 views

Duplicate Advisory: OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-536q-mj95-h29h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger...

7.7CVSS5.8AI score0.00264EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.12 views

Duplicate Advisory: OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wppj-c6mr-83jj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes...

9.6CVSS5.7AI score0.02442EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.50 views

Duplicate Advisory: OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r6xh-pqhr-v4xh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request...

8.5CVSS5.7AI score0.00112EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.10 views

Duplicate Advisory: OpenClaw: Exec environment denylist missed high-risk interpreter startup variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vfp4-8x56-j7c5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environmen...

8.8CVSS5.8AI score0.00392EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.36 views

Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq94-r468-qwgj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allo...

6.3CVSS5.7AI score0.00199EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:24 p.m.17 views

Granian vulnerable to DoS via WSGI response header panic

Summary Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malformed output from the application becomes a process abort instead of a...

5.9CVSS5.8AI score0.00222EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:20 p.m.24 views

Granian vulnerable to unauthenticated DoS via WebSocket subprotocol header panic

Summary Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction path, before the ASGI application is invoked. This is a single-request...

7.5CVSS5.9AI score0.00324EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:19 p.m.32 views

Low-privileged Grav API users can create super-admin accounts via blueprint-upload

Summary In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full administrative compromise of...

8.8CVSS6.3AI score0.00336EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 8:59 p.m.21 views

Hugo's Node tool execution allows file system access outside the project directory

Impact When building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could allow code running through these tools to read or write...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 8:57 p.m.11 views

Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 8:54 p.m.11 views

Statamic CMS vulnerable to email enumeration via forgot password endpoint

Impact Responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up credential-based attacks. Patches This has been fixed in 5.73.21 and 6.15.0. The forgot...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities33227