Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-52837

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-14 Jul, 2026 | 14:48
Updated At-14 Jul, 2026 | 15:06
Rejected At-
Credits

Easy!Appointments has unauthenticated customer PII disclosure on booking reschedule page

Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at `/index.php/booking/reschedule/{appointment_hash}` (handled by `Booking::index()`) embeds the entire customer record as inline JavaScript (`const vars = {... "customer_data": {...}, ...}`) without authentication and without field whitelisting. Anyone in possession of the 12-character `appointment_hash` — which appears in plain text in reschedule emails, confirmation page URLs, and operator-side calendar links — can read every column of that customer's row in the `ea_users` table. Version 1.6.0 contains a patch.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:14 Jul, 2026 | 14:48
Updated At:14 Jul, 2026 | 15:06
Rejected At:
▼CVE Numbering Authority (CNA)
Easy!Appointments has unauthenticated customer PII disclosure on booking reschedule page

Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at `/index.php/booking/reschedule/{appointment_hash}` (handled by `Booking::index()`) embeds the entire customer record as inline JavaScript (`const vars = {... "customer_data": {...}, ...}`) without authentication and without field whitelisting. Anyone in possession of the 12-character `appointment_hash` — which appears in plain text in reschedule emails, confirmation page URLs, and operator-side calendar links — can read every column of that customer's row in the `ea_users` table. Version 1.6.0 contains a patch.

Affected Products
Vendor
alextselegidis
Product
easyappointments
Versions
Affected
  • < 1.6.0
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWECWE-639CWE-639: Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-200
Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-639
Description: CWE-639: Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/alextselegidis/easyappointments/security/advisories/GHSA-xgr6-pqjv-3pf8
x_refsource_CONFIRM
https://github.com/alextselegidis/easyappointments/commit/725eafa647308846ce887657db12771a829e42ef
x_refsource_MISC
Hyperlink: https://github.com/alextselegidis/easyappointments/security/advisories/GHSA-xgr6-pqjv-3pf8
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/alextselegidis/easyappointments/commit/725eafa647308846ce887657db12771a829e42ef
Resource:
x_refsource_MISC
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:14 Jul, 2026 | 15:17
Updated At:14 Jul, 2026 | 16:17

Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at `/index.php/booking/reschedule/{appointment_hash}` (handled by `Booking::index()`) embeds the entire customer record as inline JavaScript (`const vars = {... "customer_data": {...}, ...}`) without authentication and without field whitelisting. Anyone in possession of the 12-character `appointment_hash` — which appears in plain text in reschedule emails, confirmation page URLs, and operator-side calendar links — can read every column of that customer's row in the `ea_users` table. Version 1.6.0 contains a patch.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-200Secondarysecurity-advisories@github.com
CWE-639Secondarysecurity-advisories@github.com
CWE ID: CWE-200
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-639
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/alextselegidis/easyappointments/commit/725eafa647308846ce887657db12771a829e42efsecurity-advisories@github.com
N/A
https://github.com/alextselegidis/easyappointments/security/advisories/GHSA-xgr6-pqjv-3pf8security-advisories@github.com
N/A
Hyperlink: https://github.com/alextselegidis/easyappointments/commit/725eafa647308846ce887657db12771a829e42ef
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/alextselegidis/easyappointments/security/advisories/GHSA-xgr6-pqjv-3pf8
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

123Records found

CVE-2026-52839
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-3.3||LOW
EPSS-0.15% / 4.23%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 15:21
Updated-15 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy!Appointments appointments/store and appointments/update allow cross-provider appointment injection — Authorization Bypass

Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 correctly filter provider-scoped appointments in the `appointments/search` response, proving that provider isolation is an intended security boundary. However, the direct mutation endpoints `appointments/store` and `appointments/update` only check generic appointment privileges and never verify that the submitted `id_users_provider` belongs to the current session. A normal authenticated provider can inject new appointments into another provider's schedule via `store`, or reassign existing appointments into a foreign provider's calendar via `update`. The `store` path contains an additional write-before-crash bug: the unauthorized row is committed to the database before the controller crashes on a type error, so the attacker receives an error response while the foreign appointment is already persisted. Version 1.6.0 patches the issue.

Action-Not Available
Vendor-alextselegidis
Product-easyappointments
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2026-52841
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-3.1||LOW
EPSS-0.13% / 2.91%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 15:27
Updated-14 Jul, 2026 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy!Appointments: Authorization bypass in Google OAuth provider binding lets any backend user rebind a peer provider's Google sync

Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, `Google::oauth` at `application/controllers/Google.php:278` stores its URL-supplied `provider_id` in the session, and `oauth_callback` saves the issued Google OAuth token against that row without checking the caller owns the provider. Any logged-in backend user (admin, provider, or secretary) rebinds a peer provider's Google sync to a Google account they control. The peer's appointments then sync into the attacker's calendar with each customer's name and email attached as attendee data. Version 1.6.0 patches the issue.

Action-Not Available
Vendor-alextselegidis
Product-easyappointments
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-55651
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.18% / 8.26%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 15:31
Updated-14 Jul, 2026 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy!Appointments Vulnerable to Appointments Takeover via Excessive Data Exposure

Easy!Appointments is a self hosted appointment scheduler. In version 1.5.2, an Excessive Data Exposure vulnerability in the customers search endpoint allows an authenticated user to obtain appointment hashes belonging to other users. Using these hashes, an attacker can modify or delete appointments of other providers, resulting in an Appointments Takeover. Version 1.6.0 fixes the issue.

Action-Not Available
Vendor-alextselegidis
Product-easyappointments
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-38054
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.40% / 32.32%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 10:29
Updated-26 Aug, 2024 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0

A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.

Action-Not Available
Vendor-easyappointmentsalextselegidis
Product-easyappointmentseasyappointmentseasyappointments
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-38049
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.41% / 33.60%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 10:26
Updated-26 Aug, 2024 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} in EasyAppointments < 1.5.0

A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

Action-Not Available
Vendor-easyappointmentsalextselegidis
Product-easyappointmentseasyappointmentseasyappointments
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-3700
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.3||MEDIUM
EPSS-0.37% / 29.62%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 06:16
Updated-30 Oct, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Action-Not Available
Vendor-easyappointmentsalextselegidis
Product-easyappointmentsalextselegidis/easyappointments
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-3290
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-5||MEDIUM
EPSS-0.29% / 21.40%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 10:23
Updated-26 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0

A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.

Action-Not Available
Vendor-easyappointmentsalextselegidis
Product-easyappointmentseasyappointmentseasyappointments
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-3285
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.7||HIGH
EPSS-0.34% / 25.98%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 09:37
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation.

Action-Not Available
Vendor-alextselegidis
Product-easyappointmentseasyappointments
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-56337
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 17.58%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 11:53
Updated-25 Jun, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Information Disclosure via Unauthenticated RPC Function exist_app_v2

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.exist_app_v2 RPC function that allows unauthenticated attackers to enumerate app_ids by calling POST /rest/v1/rpc/exist_app_v2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER function to determine whether specific app_ids exist in the public.apps table, enabling cross-tenant app enumeration and privacy violations.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56781
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.23% / 13.96%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 17:15
Updated-14 Jul, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and specify them in projection parameters to read field values that are intended to be restricted from public view.

Action-Not Available
Vendor-teableio
Product-teable
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-56218
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.21% / 10.59%
||
7 Day CHG~0.00%
Published-20 Jun, 2026 | 15:24
Updated-23 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - EXIF Metadata Exposure via Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56282
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.24% / 14.88%
||
7 Day CHG~0.00%
Published-20 Jun, 2026 | 15:24
Updated-23 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Information Disclosure via Unauthenticated /replication Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive infrastructure details such as replication slot names, confirmed_flush_lsn, restart_lsn values, and database error messages for reconnaissance purposes.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56318
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 17.57%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:08
Updated-01 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Information Disclosure via /private/validate_password_compliance Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validate_password_compliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observing response status codes and error messages, allowing confirmation of organization existence.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56235
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.27% / 19.37%
||
7 Day CHG~0.00%
Published-20 Jun, 2026 | 15:24
Updated-24 Jun, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Unauthenticated Cross-Tenant Metrics Disclosure via RPC Functions

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, get_global_metrics, get_total_metrics) that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public Supabase API key (sb_publishable_*) can query arbitrary org_id values to disclose cross-tenant usage telemetry (MAU, bandwidth, installs, gets), enumerate app IDs for a target org, and determine org existence via an oracle (valid org returns metrics, invalid returns []).

Action-Not Available
Vendor-Cap-go
Product-capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56284
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.21% / 11.78%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 13:48
Updated-08 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Unauthenticated Metrics Disclosure via get_total_metrics RPC

Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.get_total_metrics(org_id), which is callable by the anon role using only the public sb_publishable_* key. An unauthenticated attacker can probe organization existence and leak sensitive usage metrics including MAU, bandwidth, and install counts by sending POST requests to /rest/v1/rpc/get_total_metrics with valid organization UUIDs.

Action-Not Available
Vendor-Cap-go
Product-capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-56136
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.55% / 42.33%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 19:25
Updated-27 Sep, 2025 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
/api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server

Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an email address is in use by a user. Zulip Server 9.4 resolves the issue, as does the `main` branch of Zulip Server. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-Kandra Labs, Inc. (Zulip)
Product-zulip_serverzulip
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-57474
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-6.9||MEDIUM
EPSS-0.28% / 19.82%
||
7 Day CHG~0.00%
Published-10 Jul, 2026 | 17:10
Updated-16 Jul, 2026 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deloitte AI Assist for Customer information disclosure

Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.

Action-Not Available
Vendor-deloitteDeloitte
Product-ai_assist_for_customerAI Assist for Customer
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-49211
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 16:14
Updated-17 Jul, 2026 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony UX: Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause() builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping SQL LIKE wildcards (%, _, \), allowing unauthenticated users to turn the public BaseEntityAutocompleteType endpoint into a broad matcher or blind boolean oracle against every column in default searchable_fields. This issue is fixed in versions 2.36.0 and 3.1.0.

Action-Not Available
Vendor-symfony
Product-ux
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-53647
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.42% / 34.06%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 23:10
Updated-07 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `serviceapikey/get_info` API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters (`custom_*` fields) stored in the key's database record. These custom fields are populated by billing administrators and can contain business-sensitive data such as pricing tiers, feature flags, rate limits, expiry overrides, or access scope data. Version 0.8.0 patches the issue. Some workarounds are available. Administrators can avoid storing sensitive data in `custom_*` API key configuration fields, monitor API logs for suspicious calls to `/api/guest/serviceapikey/get_info`, and/or disable the Serviceapikey module if not in active use.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-862
Missing Authorization
CVE-2026-6826
Matching Score-4
Assigner-Concrete CMS
ShareView Details
Matching Score-4
Assigner-Concrete CMS
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.29%
||
7 Day CHG~0.00%
Published-21 May, 2026 | 20:55
Updated-26 May, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Concrete 9.5.0 and below has file usage disclosure via missing permission check in Usage controller

Concrete CMS 9.5.0 and below  is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller.  Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/{fID} with any file ID and receive a list of every page that references that file, including page IDs, handles, and full URLs. This includes pages that are otherwise restricted by permissions.The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.9 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks Eldudareeno for reporting.

Action-Not Available
Vendor-concretecmsConcrete CMS
Product-concrete_cmsConcrete CMS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-31147
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.27% / 19.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:50
Updated-14 Nov, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Growatt Cloud portal Authorization Bypass Through User-Controlled Key

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.

Action-Not Available
Vendor-growattGrowatt
Product-cloud_portalCloud portal
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-24487
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.43% / 35.20%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:31
Updated-12 Nov, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An unauthenticated attacker can infer the existence of usernames in the system by querying an API.

Action-Not Available
Vendor-growattGrowatt
Product-cloud_portalCloud portal
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-31654
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 18.00%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:07
Updated-12 Nov, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").

Action-Not Available
Vendor-growattGrowatt
Product-cloud_portalCloud portal
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-5230
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-18.77% / 96.96%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 02:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EnvaySoft FleetCart information disclosure

A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability.

Action-Not Available
Vendor-EnvaySoftenvaysoft
Product-FleetCartfleetcart
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-46390
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.27% / 18.80%
||
7 Day CHG~0.00%
Published-05 Jun, 2026 | 18:16
Updated-09 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HAX CMS has Unauthenticated Git Access via User-Controlled Key

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue.

Action-Not Available
Vendor-haxtheweb
Product-haxcms-php
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-47379
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.63%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 20:17
Updated-24 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NocoDB: Plaintext Password Comparison in Shared Views

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in 2026.05.1.

Action-Not Available
Vendor-nocodb
Product-nocodb
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-203
Observable Discrepancy
CVE-2026-45080
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 15:30
Updated-02 Jun, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Klaw: Improper Access Control Allows Disclosure of Password Hash

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4.

Action-Not Available
Vendor-Aiven
Product-klaw
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2026-44206
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.17%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 14:34
Updated-12 Jun, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe: DB Schema Enumeration via Frappe-Authorization-Source

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4.

Action-Not Available
Vendor-frappe
Product-frappe
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-44207
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.32% / 24.18%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 14:27
Updated-12 Jun, 2026 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe: Insecure Direct Object Reference for email accounts

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0.

Action-Not Available
Vendor-frappe
Product-frappe
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-40495
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.28% / 19.85%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 19:38
Updated-04 Jun, 2026 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling version exposed via asset cache buster

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hide_version_public` security setting. The FOSSBilling version is embedded in the query string of every `<script>` and `<link>` tag generated by the `script_tag` and `stylesheet_tag` Twig filters. This information is visible to all visitors — including unauthenticated guests — on every page, regardless of whether the `hide_version_public` setting is enabled. The `X-FOSSBilling-Version` HTTP header and the `guest.system.version` API endpoint correctly honour the `hide_version_public` setting, but the asset cache buster parameters were overlooked. Knowledge of the exact FOSSBilling version makes it significantly easier for malicious actors to identify known vulnerabilities applicable to a given installation and craft targeted exploits. While not a direct vulnerability on its own, it undermines the intended protection offered by the `hide_version_public` setting and facilitates reconnaissance. Version 0.8.0 contains a patch. There is no practical workaround that removes the version from asset URLs without modifying source code.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-40584
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.28% / 19.57%
||
7 Day CHG~0.00%
Published-Not Available
Updated-27 Apr, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries marked as private may be unintentionally retained in API responses, allowing unauthorized disclosure of non-public location information. This vulnerability is fixed in 1.9.0.

Action-Not Available
Vendor-ransomlook
Product-ransomlook
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-54105
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-6.9||MEDIUM
EPSS-0.30% / 21.93%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 16:13
Updated-24 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
U.S. GAO EPDS and CBCA EDS user information disclosure

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a request containing an arbitrary 'user_id' parameter and receive a JSON response containing account-specific information, including the associated email address.

Action-Not Available
Vendor-Government Accountability OfficeCivilian Board of Contract Appeals
Product-Electronic Docketing System (EDS)Electronic Protest Docketing System (EPDS)
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-30254
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.43% / 35.20%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:56
Updated-12 Nov, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username.

Action-Not Available
Vendor-growattGrowatt
Product-cloud_portalCloud portal
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-47378
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.24% / 14.98%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 20:34
Updated-25 Jun, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NocoDB: Hidden Column Exposure in Public Shared View Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on hidden columns enabling boolean-blind extraction, and the related-data list accepted arbitrary link-column IDs from other tables in the same base. This vulnerability is fixed in 2026.04.1.

Action-Not Available
Vendor-nocodb
Product-nocodb
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-47136
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.06%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 18:30
Updated-29 May, 2026 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RustFS: Unauthenticated RustFS console license endpoint exposes license metadata

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license information such as the license subject and expiration timestamp. Any client that can reach the console listener can query this endpoint without credentials. This vulnerability is fixed in 1.0.0-beta.2.

Action-Not Available
Vendor-rustfs
Product-rustfs
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-32098
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.29% / 20.80%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 19:57
Updated-13 Mar, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.9 and 8.6.35, an attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiving them. By subscribing with a WHERE clause that references a protected field (including via dot-notation or $regex), the attacker can observe whether LiveQuery events are delivered for matching objects. This creates a boolean oracle that leaks protected field values. The attack affects any class that has both protectedFields configured in Class-Level Permissions and LiveQuery enabled. This vulnerability is fixed in 9.6.0-alpha.9 and 8.6.35.

Action-Not Available
Vendor-parseplatformparse-community
Product-parse-serverparse-server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-32265
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 26.56%
||
7 Day CHG~0.00%
Published-18 Mar, 2026 | 03:28
Updated-16 Apr, 2026 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Amazon S3 for Craft CMS has an Information Disclosure vulnerability

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The `BucketsController->actionLoadBucketData()` endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.5 of the plugin to mitigate the issue.

Action-Not Available
Vendor-craftcms
Product-aws-s3
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-42493
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.27%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 17:23
Updated-29 Aug, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor

Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login.

Action-Not Available
Vendor-dorsettcontrolsDorsett Controlsdorsettcontrols
Product-infoscanInfoScaninfoscan
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-27938
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.43% / 35.20%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:03
Updated-12 Nov, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Growatt Cloud portal Authorization Bypass Through User-Controlled Key

Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").

Action-Not Available
Vendor-growattGrowatt
Product-cloud_portalCloud portal
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-27929
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.27% / 19.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:59
Updated-14 Nov, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Growatt Cloud portal Authorization Bypass Through User-Controlled Key

Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts.

Action-Not Available
Vendor-growattGrowatt
Product-cloud_portalCloud portal
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-29069
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.27% / 19.25%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 16:57
Updated-05 Mar, 2026 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Craft has an unauthenticated activation email trigger with potential user enumeration

Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail() endpoint is accessible to unauthenticated users and does not require a permission check for pending users. An attacker with no prior access can trigger activation emails for any pending user account by knowing or guessing the user ID. If the attacker controls the target user’s email address, they can activate the account and gain access to the system. This vulnerability is fixed in 5.9.0-beta.2 and 4.17.0-beta.2.

Action-Not Available
Vendor-craftcmscraftcms
Product-craft_cmscms
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-28559
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 25.85%
||
7 Day CHG~0.00%
Published-28 Feb, 2026 | 21:47
Updated-11 May, 2026 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that are only applied when a specific forum ID is present in the query.

Action-Not Available
Vendor-gvectorsgVectors Team
Product-wpforo_forumwpForo Forum
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-8461
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-1.85% / 76.78%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 12:31
Updated-12 Sep, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-320 Web Management Interface discovery.cgi information disclosure

A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320_firmwaredns-320DNS-320dns-320
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7842
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.98% / 58.19%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 21:31
Updated-18 Feb, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Graduate Tracer System export_it.php information disclosure

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Graduate Tracer System 1.0. This issue affects some unknown processing of the file /tracking/admin/export_it.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-tamparongj03SourceCodestertamparongj_03
Product-online_graduate_tracer_systemOnline Graduate Tracer Systemonline_graduate_tracer_system
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7339
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-32.03% / 98.12%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 04:00
Updated-20 Dec, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TVT DVR TD-2104TS-CL queryDevInfo information disclosure

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-provision-isrtvtTVTtvt
Product-td-2108ts-hp_firmwareavision_av108t_firmwaretd-2104ts-clsh-4050a5-5l\(mm\)_firmwaretd-2104ts-cl_firmwaresh-4050a5-5l\(mm\)td-2108ts-hpavision_av108tProvision-ISR DVR SH-4050A5-5L(MM)DVR TD-2104TS-CLDVR TD-2108TS-HPAVISION DVR AV108Tdvr_td_2018ts_hpprovision_isr_dvr_sh_4050a5_5l\/mm\/dvr_td_2014ts_clavision_dvr_av108t
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7843
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.98% / 58.19%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 22:31
Updated-18 Feb, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Graduate Tracer System exportcs.php information disclosure

A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file /tracking/admin/exportcs.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-tamparongj03SourceCodestertamparongj_03
Product-online_graduate_tracer_systemOnline Graduate Tracer Systemonline_graduate_tracer_system
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7156
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-13.34% / 95.97%
||
7 Day CHG~0.00%
Published-28 Jul, 2024 | 10:31
Updated-08 Aug, 2024 | 12:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-a3700ra3700r_firmwareA3700Ra3700r_firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34659
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.55% / 42.46%
||
7 Day CHG-0.05%
Published-10 Aug, 2022 | 11:17
Updated-14 Jul, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Affected applications expose user, host and display name of users, when the public license server is used. This could allow an attacker to retrieve this information.

Action-Not Available
Vendor-Siemens AG
Product-simcenter_star-ccm\+_viewerSimcenter STAR-CCM+
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-50210
Matching Score-4
Assigner-8fc372e3-d9c5-46e4-9410-38469745c639
ShareView Details
Matching Score-4
Assigner-8fc372e3-d9c5-46e4-9410-38469745c639
CVSS Score-6.9||MEDIUM
EPSS-0.24% / 15.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 07:22
Updated-04 Jun, 2026 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak Static Cryptographic Initialization Vectors

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption.

Action-Not Available
Vendor-Acer Inc.
Product-connect_m6e_5g_firmwareconnect_m6e_5gConnect M6E 5G Portable WiFi Router
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-33425
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.21% / 10.79%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 23:12
Updated-24 Mar, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse has inferable private group membership or existence via exclude_groups parameter

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the `exclude_groups` parameter. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, disable public access to the user directory via Admin → Settings → hide user profiles from public.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found