CVE ID :CVE-2026-48781 Published : June 16, 2026, 9:31 p.m. | 3 hours, 37 minutes ago Description :Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a session-shape JWT using the application's...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-48781 - Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery

VERWANDTEARTIKEL

UNC3753 Uses Screen-Sharing Sessions and RMM Tools to Exfiltrate Sensitive Legal Data

CISA warnt vor aktiv ausgenutzter cPanel-Schwachstelle in LiteSpeed-Plugin

CVE-2026-25470 - WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability

CVE-2026-39598 - WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability

CVE-2026-49073 - WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

CVE-2026-48055 - Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction