Vulnerabilities in gitroomhq
11 results

CVE-2026-42298 | CRITICAL | Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev | EPSS 0.5%
CVE-2026-34577 | HIGH | Postiz: Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check | EPSS 0.5%
CVE-2026-40168 | HIGH | Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream | EPSS 0.4%
CVE-2026-34576 | HIGH | Postiz: SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata | EPSS 0.3%
CVE-2026-42556 | HIGH | Postiz stored XSS in public preview page | EPSS 0.3%
CVE-2025-53641 | HIGH | Postiz allows header mutation in middleware facilitates resulting in SSRF | EPSS 0.2%
CVE-2026-34590 | MEDIUM | Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation | EPSS 0.2%
CVE-2026-40487 | HIGH | Postiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSS | EPSS 0.2%
CVE-2026-42346 | MEDIUM | Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validation paths | EPSS 0.2%
CVE-2026-48781 | CRITICAL | Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery | EPSS 0.2%
CVE-2026-48783 | MEDIUM | Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription | EPSS 0.2%