Multi Juicer

1 CVEs product

Monthly

CVE-2026-48518 MEDIUM PATCH This Month

{team}/join), exploiting the fact that text/plain Content-Type does not trigger a CORS preflight check. In CTF deployments this allows score inflation by forcing victims to solve Juice Shop challenges credited to the attacker's team; any sensitive data entered by the victim is also captured in the attacker's Juice Shop instance. No public exploit identified at time of analysis, and a vendor-released patch is available in version 10.0.1.

CSRF Kubernetes Information Disclosure Multi Juicer
NVD GitHub
CVSS 3.1: 4.3
EPSS: 0.2%