Gitroomhq Postiz-app
9 CVEs affecting Gitroomhq Postiz-app. Latest disclosed: 2026-05-08. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42298 | Critical | 10.0 | 2026-05-08 | Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github… |
| CVE-2026-42556 | High | 8.9 | 2026-05-08 | Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HT… |
| CVE-2026-40487 | High | 8.9 | 2026-04-18 | Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML… |
| CVE-2026-34577 | High | 8.6 | 2026-04-02 | Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoint in PublicController accepts a user-supplied url query pa… |
| CVE-2026-40168 | High | 8.2 | 2026-04-10 | Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the in… |
| CVE-2025-53641 | High | 8.2 | 2025-07-11 | Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into t… |
| CVE-2026-42346 | Medium | 6.5 | 2026-05-08 | Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental T… |
| CVE-2026-34590 | Medium | 5.4 | 2026-04-02 | Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the… |
| CVE-2026-34576 | | | 2026-04-02 | Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied URL and fetches it… |