Filtered by vendor Lin-snow
Subscriptions
Filtered by product Ech0
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33638 | 1 Lin-snow | 1 Ech0 | 2026-03-27 | 5.3 Medium |
| Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, `GET /api/allusers` is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of user profile metadata. A fix is available in v4.2.0. | ||||
Page 1 of 1.