fullstep 漏洞与 CVE 列表(2)

产品(CPE): — CVE 数: 2

fullstep 漏洞概览

fullstep 相关的公开 CVE 漏洞与安全风险信息,提供 CVSS、EPSS、公开时间与漏洞情报数据,帮助评估潜在风险与修复优先级。

漏洞分布趋势(近 24 个月)

显示 122 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-5750 An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from: '/api/suppliers/v1/suppliers//false' to list user information; and '/#/supplier-registration/supplier-registration//2' to update your user information (personal details, documents, etc.). [email protected] 7.6 0.21% 2026-04-22 2026-06-17
CVE-2026-5749 Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the confidentiality of the affected resource, provided they have a valid token with which to interact with the API. [email protected] 8.7 0.27% 2026-04-22 2026-06-17
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence