https://vulnerability.circl.lu/sightings/feed 2026-05-11T23:55:08.759994+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/c0f4fa59-05cf-4ca8-9c53-0391fcd5b538/export 2026-05-11T23:55:09.137473+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "c0f4fa59-05cf-4ca8-9c53-0391fcd5b538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-30693", "type": "seen", "source": "https://gist.github.com/GaniiGanesh/82723ef74e1e113debe67fd45738ccd5", "content": "CVE-2026-30693\n\nVendor:\nMeetmux\n\nProduct:\nMeetmux Web Application\n\nVulnerability Type:\nIncorrect Access Control\n\nAffected Component:\nBackend REST API endpoint /api/vender\n\nAttack Type:\nRemote\n\nDescription:\nAn improper access control vulnerability exists in the Meetmux web application where a backend API endpoint exposes sensitive vendor registration data without authentication. Vendor information is submitted through a public registration page; however, the corresponding API endpoint allows remote unauthenticated attackers to retrieve registered vendor records, including personally identifiable information, by directly accessing the /api/vender endpoint hosted on vender-server.vercel.app.\n\nAttack Vector:\nA remote unauthenticated attacker can send an HTTP GET request to the backend API endpoint /api/vender hosted on vender-server.vercel.app to retrieve registered vendor data without authorization.\n\nImpact:\nUnauthorized disclosure of sensitive vendor information.\n\nDiscoverer:\nGanesh S\n\nDisclosure Status:\nVendor contacted responsibly prior to publication.", "creation_timestamp": "2026-05-07T05:51:21.000000Z"} 2026-05-07T05:51:21+00:00