Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-53647

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-06 Jul, 2026 | 23:10
Updated At-07 Jul, 2026 | 14:28
Rejected At-
Credits

FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `serviceapikey/get_info` API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters (`custom_*` fields) stored in the key's database record. These custom fields are populated by billing administrators and can contain business-sensitive data such as pricing tiers, feature flags, rate limits, expiry overrides, or access scope data. Version 0.8.0 patches the issue. Some workarounds are available. Administrators can avoid storing sensitive data in `custom_*` API key configuration fields, monitor API logs for suspicious calls to `/api/guest/serviceapikey/get_info`, and/or disable the Serviceapikey module if not in active use.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:06 Jul, 2026 | 23:10
Updated At:07 Jul, 2026 | 14:28
Rejected At:
▼CVE Numbering Authority (CNA)
FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `serviceapikey/get_info` API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters (`custom_*` fields) stored in the key's database record. These custom fields are populated by billing administrators and can contain business-sensitive data such as pricing tiers, feature flags, rate limits, expiry overrides, or access scope data. Version 0.8.0 patches the issue. Some workarounds are available. Administrators can avoid storing sensitive data in `custom_*` API key configuration fields, monitor API logs for suspicious calls to `/api/guest/serviceapikey/get_info`, and/or disable the Serviceapikey module if not in active use.

Affected Products
Vendor
FOSSBilling
Product
FOSSBilling
Versions
Affected
  • >= 0.5.3, < 0.8.0
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWECWE-306CWE-306: Missing Authentication for Critical Function
CWECWE-862CWE-862: Missing Authorization
Type: CWE
CWE ID: CWE-200
Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-306
Description: CWE-306: Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-862
Description: CWE-862: Missing Authorization
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-737q-9gpr-6mpq
x_refsource_CONFIRM
Hyperlink: https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-737q-9gpr-6mpq
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:07 Jul, 2026 | 00:16
Updated At:07 Jul, 2026 | 15:16

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `serviceapikey/get_info` API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters (`custom_*` fields) stored in the key's database record. These custom fields are populated by billing administrators and can contain business-sensitive data such as pricing tiers, feature flags, rate limits, expiry overrides, or access scope data. Version 0.8.0 patches the issue. Some workarounds are available. Administrators can avoid storing sensitive data in `custom_*` API key configuration fields, monitor API logs for suspicious calls to `/api/guest/serviceapikey/get_info`, and/or disable the Serviceapikey module if not in active use.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
N/A
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-200Secondarysecurity-advisories@github.com
CWE-306Secondarysecurity-advisories@github.com
CWE-862Secondarysecurity-advisories@github.com
CWE ID: CWE-200
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-306
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-862
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-737q-9gpr-6mpqsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-737q-9gpr-6mpq
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

120Records found

CVE-2026-40495
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.28% / 19.85%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 19:38
Updated-04 Jun, 2026 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling version exposed via asset cache buster

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hide_version_public` security setting. The FOSSBilling version is embedded in the query string of every `<script>` and `<link>` tag generated by the `script_tag` and `stylesheet_tag` Twig filters. This information is visible to all visitors — including unauthenticated guests — on every page, regardless of whether the `hide_version_public` setting is enabled. The `X-FOSSBilling-Version` HTTP header and the `guest.system.version` API endpoint correctly honour the `hide_version_public` setting, but the asset cache buster parameters were overlooked. Knowledge of the exact FOSSBilling version makes it significantly easier for malicious actors to identify known vulnerabilities applicable to a given installation and craft targeted exploits. While not a direct vulnerability on its own, it undermines the intended protection offered by the `hide_version_public` setting and facilitates reconnaissance. Version 0.8.0 contains a patch. There is no practical workaround that removes the version from asset URLs without modifying source code.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-53643
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.23% / 13.30%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 22:49
Updated-07 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the `can_always_access` module flag (which grants all staff access to certain modules) and insufficient permission checks or unsafe parameter handling on individual endpoints. Version 0.8.0 contains a fix. Some workarounds are available. Restrict staff accounts to only those who need access to sensitive settings and/or use a reverse proxy or WAF to restrict access to the affected endpoints to trusted IP addresses or higher-privilege roles.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2026-43920
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.55% / 42.04%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 23:06
Updated-26 Jun, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configuration files, execute database schema changes, perform filesystem mutations, and clear caches. The /run-patcher endpoint executes privileged maintenance operations - configuration migrations, database patch execution (including ALTER TABLE, DROP TABLE, UPDATE statements), filesystem deletions and renames, and cache clearing - without requiring administrator authentication, CSRF validation, or CLI context. An unauthenticated remote attacker can trigger these operations by sending a simple HTTP GET request to /run-patcher, which can be abused for denial-of-service attacks. Certain patches (e.g., batch token regeneration for all admin and client accounts in patch 53, and session invalidation) are disruptive even when re-executed against an already-patched instance. Repeated or concurrent requests may also cause inconsistent database state. This issue has been fixed in version 0.8.0.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-42341
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.2||CRITICAL
EPSS-0.18% / 8.13%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 20:53
Updated-07 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling has an unauthenticated payment bypass via IPN callback forgery

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit the associated client account without making an actual payment, by sending a single crafted HTTP request. Version 0.8.0 patches the issue. Some workarounds are available. Disable the Custom payment gateway if not actively needed and/or restrict access to `/ipn.php` at the web server level (e.g., via IP allowlisting), noting that this may interfere with legitimate payment callback processing.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-346
Origin Validation Error
CVE-2026-33543
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.29% / 20.82%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 21:01
Updated-25 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling: Authentication bypass allows unauthenticated administrator creation

FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint remains usable after an administrator already exists. The flawed guard check uses is_countable() on a value that returns a Model_Admin object or null rather than a countable type, causing the expression to always evaluate as true and bypass the intended protection. As a result, an attacker can reach the unprotected endpoint to create a new administrator account and immediately authenticate, gaining a fully privileged admin session even when an admin already exists. This issue has been fixed in version 0.8.0.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-27604
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.41% / 32.99%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 14:25
Updated-23 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged `/api/system/*` endpoints. Because `system` resolves to the cron admin identity, attackers can invoke admin API methods without valid credentials, session, or CSRF token. Version 0.8.0 patches the issue. Some workarounds are available. Block external access to `/api/system/*` at reverse proxy/WAF, restrict API access by trusted source IPs only (`api.allowed_ips`), rotate all admin/client API tokens immediately, invalidate active sessions and reset high-privilege credentials, and/or review API request logs for suspicious `/api/system/` access and treat as potential incident.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-27708
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.27% / 18.07%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 19:24
Updated-25 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's __call method accepts an order_id parameter and fetches the associated order without verifying the authenticated client owns it, potentially exposing cross-client data through IDOR. An authenticated client can access any other client's custom service by guessing sequential order IDs. This can lead to a confidentiality breach — attackers can read client PII (name, email, phone, address, company details, VAT number) and service configuration data belonging to other clients. This issue has been fixed in version 0.8.0.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2026-53640
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-2.3||LOW
EPSS-0.23% / 13.30%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 22:30
Updated-07 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling missing authorization checks on read-only admin API endpoints expose sensitive staff, client, and redirect data

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding read endpoints have no authorization guards. Version 0.8.0 contains a fix. Some workarounds are available. Restrict staff accounts to only those who need access to sensitive data and/or use a reverse proxy or WAF to restrict access to the affected endpoints.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
CVE-2026-42331
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.25% / 15.96%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 21:00
Updated-07 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling missing authorization in guest Invoice API endpoints

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the payment gateway associated with an unpaid invoice. An attacker who obtains an invoice hash, which may leak through shared URLs, referrer headers, or email links, can change the `gateway_id` on an unpaid invoice to any payment gateway configured in the system. This does not allow redirecting payments to an arbitrary external endpoint, as the gateway must already be installed and configured by an administrator. The practical impact is further limited by the `invoice_accessible_from_hash` system setting. Version 0.8.0 contains a patch. No known workarounds are available.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-56337
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 17.58%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 11:53
Updated-25 Jun, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Information Disclosure via Unauthenticated RPC Function exist_app_v2

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.exist_app_v2 RPC function that allows unauthenticated attackers to enumerate app_ids by calling POST /rest/v1/rpc/exist_app_v2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER function to determine whether specific app_ids exist in the public.apps table, enabling cross-tenant app enumeration and privacy violations.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56218
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.21% / 10.59%
||
7 Day CHG~0.00%
Published-20 Jun, 2026 | 15:24
Updated-23 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - EXIF Metadata Exposure via Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56282
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.24% / 14.88%
||
7 Day CHG~0.00%
Published-20 Jun, 2026 | 15:24
Updated-23 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Information Disclosure via Unauthenticated /replication Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive infrastructure details such as replication slot names, confirmed_flush_lsn, restart_lsn values, and database error messages for reconnaissance purposes.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56321
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.32% / 24.31%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 21:04
Updated-23 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Missing Authentication Middleware on GET /private/role_bindings Endpoint

Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication middleware to the GET /private/role_bindings/:org_id endpoint, unlike the POST and DELETE role_bindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware layer. The handler still performs its own authorization check and returns Unauthorized, so no direct data exposure occurs; the flaw is inconsistent authentication enforcement across HTTP methods that could enable authorization bypass if the handler logic changes.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-56318
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 17.57%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:08
Updated-01 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Information Disclosure via /private/validate_password_compliance Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validate_password_compliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observing response status codes and error messages, allowing confirmation of organization existence.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56235
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.27% / 19.37%
||
7 Day CHG~0.00%
Published-20 Jun, 2026 | 15:24
Updated-24 Jun, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Unauthenticated Cross-Tenant Metrics Disclosure via RPC Functions

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, get_global_metrics, get_total_metrics) that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public Supabase API key (sb_publishable_*) can query arbitrary org_id values to disclose cross-tenant usage telemetry (MAU, bandwidth, installs, gets), enumerate app IDs for a target org, and determine org existence via an oracle (valid org returns metrics, invalid returns []).

Action-Not Available
Vendor-Cap-go
Product-capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56284
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.21% / 11.78%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 13:48
Updated-08 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Unauthenticated Metrics Disclosure via get_total_metrics RPC

Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.get_total_metrics(org_id), which is callable by the anon role using only the public sb_publishable_* key. An unauthenticated attacker can probe organization existence and leak sensitive usage metrics including MAU, bandwidth, and install counts by sending POST requests to /rest/v1/rpc/get_total_metrics with valid organization UUIDs.

Action-Not Available
Vendor-Cap-go
Product-capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-56136
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.55% / 42.33%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 19:25
Updated-27 Sep, 2025 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
/api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server

Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an email address is in use by a user. Zulip Server 9.4 resolves the issue, as does the `main` branch of Zulip Server. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-Kandra Labs, Inc. (Zulip)
Product-zulip_serverzulip
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-57474
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-6.9||MEDIUM
EPSS-0.28% / 19.82%
||
7 Day CHG~0.00%
Published-10 Jul, 2026 | 17:10
Updated-16 Jul, 2026 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deloitte AI Assist for Customer information disclosure

Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.

Action-Not Available
Vendor-deloitteDeloitte
Product-ai_assist_for_customerAI Assist for Customer
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-63098
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:38
Updated-17 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TheHive 4.1.24 Unauthenticated Information Disclosure via /api/status Endpoint

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler. Attackers can obtain the datastore attachment protection password, configured authentication providers, SSO settings, MFA capabilities, and clustered node addresses and roles without any credentials.

Action-Not Available
Vendor-TheHive-Project
Product-TheHive
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-49211
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 16:14
Updated-17 Jul, 2026 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony UX: Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause() builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping SQL LIKE wildcards (%, _, \), allowing unauthenticated users to turn the public BaseEntityAutocompleteType endpoint into a broad matcher or blind boolean oracle against every column in default searchable_fields. This issue is fixed in versions 2.36.0 and 3.1.0.

Action-Not Available
Vendor-symfony
Product-ux
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-55417
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 20:02
Updated-10 Jul, 2026 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Chevereto private profile setting leaks username on /json endpoint

Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route (`/username`) correctly returns 404. However, the `/json` AJAX listing endpoint does not apply the same check. An unauthenticated caller who knows the target's user ID can retrieve all of that user's publicly-scoped images, revealing the username (which should be private). This is patched in Chevereto v4.5.4. No known workarounds are available.

Action-Not Available
Vendor-chevereto
Product-rodber/chevereto-freecheveretochevereto/chevereto
CWE ID-CWE-862
Missing Authorization
CVE-2026-52837
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.35% / 27.49%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 14:48
Updated-14 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy!Appointments has unauthenticated customer PII disclosure on booking reschedule page

Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at `/index.php/booking/reschedule/{appointment_hash}` (handled by `Booking::index()`) embeds the entire customer record as inline JavaScript (`const vars = {... "customer_data": {...}, ...}`) without authentication and without field whitelisting. Anyone in possession of the 12-character `appointment_hash` — which appears in plain text in reschedule emails, confirmation page URLs, and operator-side calendar links — can read every column of that customer's row in the `ea_users` table. Version 1.6.0 contains a patch.

Action-Not Available
Vendor-alextselegidis
Product-easyappointments
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-6826
Matching Score-4
Assigner-Concrete CMS
ShareView Details
Matching Score-4
Assigner-Concrete CMS
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.29%
||
7 Day CHG~0.00%
Published-21 May, 2026 | 20:55
Updated-26 May, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Concrete 9.5.0 and below has file usage disclosure via missing permission check in Usage controller

Concrete CMS 9.5.0 and below  is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller.  Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/{fID} with any file ID and receive a list of every page that references that file, including page IDs, handles, and full URLs. This includes pages that are otherwise restricted by permissions.The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.9 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks Eldudareeno for reporting.

Action-Not Available
Vendor-concretecmsConcrete CMS
Product-concrete_cmsConcrete CMS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-50244
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.22% / 12.63%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 18:21
Updated-12 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Naxclow IoT Platform Missing Authorization

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water counter value for the batch, allowing callers to measure and enumerate the active device space. The endpoint’s behavior enables precise fleet enumeration.

Action-Not Available
Vendor-Naxclow
Product-ix camX Smart HomeV720Smart Doorbell X3
CWE ID-CWE-862
Missing Authorization
CVE-2024-52285
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.43% / 34.98%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. This could allow an unauthenticated remote attacker to access sensitive data.

Action-Not Available
Vendor-Siemens AG
Product-SiPass integrated ACC-APSiPass integrated AC5102 (ACC-G2)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-5230
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-18.77% / 96.96%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 02:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EnvaySoft FleetCart information disclosure

A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability.

Action-Not Available
Vendor-EnvaySoftenvaysoft
Product-FleetCartfleetcart
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-47379
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.63%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 20:17
Updated-24 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NocoDB: Plaintext Password Comparison in Shared Views

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in 2026.05.1.

Action-Not Available
Vendor-nocodb
Product-nocodb
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-203
Observable Discrepancy
CVE-2026-45577
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 16:53
Updated-01 Jun, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the hosted Inspector and related API surface reachable without credentials. This vulnerability is fixed in 0.11.1.

Action-Not Available
Vendor-markmhendrickson
Product-neotoma
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-45080
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 15:30
Updated-02 Jun, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Klaw: Improper Access Control Allows Disclosure of Password Hash

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4.

Action-Not Available
Vendor-Aiven
Product-klaw
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2026-45248
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.36% / 27.81%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 21:36
Updated-14 Jul, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hedera Guardian Authentication Bypass Information Disclosure

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments for all registered users in the system.

Action-Not Available
Vendor-hederahashgraph
Product-guardianguardian
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-44206
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.17%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 14:34
Updated-12 Jun, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe: DB Schema Enumeration via Frappe-Authorization-Source

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4.

Action-Not Available
Vendor-frappe
Product-frappe
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-40584
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.28% / 19.57%
||
7 Day CHG~0.00%
Published-Not Available
Updated-27 Apr, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries marked as private may be unintentionally retained in API responses, allowing unauthorized disclosure of non-public location information. This vulnerability is fixed in 1.9.0.

Action-Not Available
Vendor-ransomlook
Product-ransomlook
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-39351
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 17.23%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 18:52
Updated-10 Apr, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe allows unrestricted Doctype access via API exploit

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit.

Action-Not Available
Vendor-frappefrappe
Product-frappefrappe
CWE ID-CWE-862
Missing Authorization
CVE-2026-34411
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.39% / 30.94%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 16:24
Updated-14 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains for reconnaissance and targeted attack planning.

Action-Not Available
Vendor-appsmithAppsmith
Product-appsmithAppsmith
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-34999
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.42% / 33.86%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 13:30
Updated-14 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers can bypass authentication checks and interact directly with the upstream bot backend through the OpenViking proxy without providing valid credentials.

Action-Not Available
Vendor-volcengineVolcengine
Product-openvikingOpenViking
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-50790
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.73% / 49.97%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-04 Mar, 2026 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream details without requiring authentication.

Action-Not Available
Vendor-sound4SOUND4 Ltd.Kantar Media
Product-pulsebig_voice4_firmwarefirstpulse_firmwarewm2pulse_eco_firmwareimpact_ecoimpact_eco_firmwarebig_voice4stream_extensionwm2_firmwarefirst_firmwareimpactbig_voice2impact_firmwarepulse_ecobig_voice2_firmwareBigVoice4BigVoice2Impact/Pulse EcoWM2StreamImpact/Pulse/First
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-11672
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 26.43%
||
7 Day CHG~0.00%
Published-13 Oct, 2025 | 07:32
Updated-14 Oct, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication

Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.

Action-Not Available
Vendor-EBM Technologies
Product-Uniweb/SoliPACS WebServer
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-47136
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.06%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 18:30
Updated-29 May, 2026 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RustFS: Unauthenticated RustFS console license endpoint exposes license metadata

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license information such as the license subject and expiration timestamp. Any client that can reach the console listener can query this endpoint without credentials. This vulnerability is fixed in 1.0.0-beta.2.

Action-Not Available
Vendor-rustfs
Product-rustfs
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-32098
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.29% / 20.80%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 19:57
Updated-13 Mar, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.9 and 8.6.35, an attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiving them. By subscribing with a WHERE clause that references a protected field (including via dot-notation or $regex), the attacker can observe whether LiveQuery events are delivered for matching objects. This creates a boolean oracle that leaks protected field values. The attack affects any class that has both protectedFields configured in Class-Level Permissions and LiveQuery enabled. This vulnerability is fixed in 9.6.0-alpha.9 and 8.6.35.

Action-Not Available
Vendor-parseplatformparse-community
Product-parse-serverparse-server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-31983
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.24% / 14.33%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 07:22
Updated-10 Jul, 2026 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.

Action-Not Available
Vendor-nozominetworksNozomi Networks
Product-cmcguardianCMCGuardian
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-32265
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 26.56%
||
7 Day CHG~0.00%
Published-18 Mar, 2026 | 03:28
Updated-16 Apr, 2026 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Amazon S3 for Craft CMS has an Information Disclosure vulnerability

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The `BucketsController->actionLoadBucketData()` endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.5 of the plugin to mitigate the issue.

Action-Not Available
Vendor-craftcms
Product-aws-s3
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-42493
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.27%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 17:23
Updated-29 Aug, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor

Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login.

Action-Not Available
Vendor-dorsettcontrolsDorsett Controlsdorsettcontrols
Product-infoscanInfoScaninfoscan
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-28767
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.38% / 29.90%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 20:18
Updated-22 Apr, 2026 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gardyn Cloud API Missing Authentication for Critical Function

A specific administrative endpoint notifications is accessible without proper authentication.

Action-Not Available
Vendor-mygardynGardyn
Product-cloud_apiCloud API
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-28559
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 25.85%
||
7 Day CHG~0.00%
Published-28 Feb, 2026 | 21:47
Updated-11 May, 2026 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that are only applied when a specific forum ID is present in the query.

Action-Not Available
Vendor-gvectorsgVectors Team
Product-wpforo_forumwpForo Forum
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-8461
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-1.85% / 76.78%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 12:31
Updated-12 Sep, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-320 Web Management Interface discovery.cgi information disclosure

A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320_firmwaredns-320DNS-320dns-320
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7842
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.98% / 58.19%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 21:31
Updated-18 Feb, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Graduate Tracer System export_it.php information disclosure

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Graduate Tracer System 1.0. This issue affects some unknown processing of the file /tracking/admin/export_it.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-tamparongj03SourceCodestertamparongj_03
Product-online_graduate_tracer_systemOnline Graduate Tracer Systemonline_graduate_tracer_system
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7339
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-32.03% / 98.12%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 04:00
Updated-20 Dec, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TVT DVR TD-2104TS-CL queryDevInfo information disclosure

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-provision-isrtvtTVTtvt
Product-td-2108ts-hp_firmwareavision_av108t_firmwaretd-2104ts-clsh-4050a5-5l\(mm\)_firmwaretd-2104ts-cl_firmwaresh-4050a5-5l\(mm\)td-2108ts-hpavision_av108tProvision-ISR DVR SH-4050A5-5L(MM)DVR TD-2104TS-CLDVR TD-2108TS-HPAVISION DVR AV108Tdvr_td_2018ts_hpprovision_isr_dvr_sh_4050a5_5l\/mm\/dvr_td_2014ts_clavision_dvr_av108t
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-8001
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.73% / 50.16%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 09:47
Updated-09 Jan, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VIWIS LMS Print authorization

A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. A user with the role learner can use the administrative print function with an active session before and after an exam slot to access the entire exam including solutions in the web application. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-viwisVIWISviwis
Product-learning_management_systemLMSlms
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-7843
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.98% / 58.19%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 22:31
Updated-18 Feb, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Graduate Tracer System exportcs.php information disclosure

A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file /tracking/admin/exportcs.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-tamparongj03SourceCodestertamparongj_03
Product-online_graduate_tracer_systemOnline Graduate Tracer Systemonline_graduate_tracer_system
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-7156
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-13.34% / 95.97%
||
7 Day CHG~0.00%
Published-28 Jul, 2024 | 10:31
Updated-08 Aug, 2024 | 12:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-a3700ra3700r_firmwareA3700Ra3700r_firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found