VYPR

Postiz App

by Postiz Solutions

CVEs (4)

  • CVE-2026-42298 | Critical | May 8, 2026
    risk 0.58 | cvss 10.0 | epss 0.01

    Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows any unauthenticated user to execute arbitrary code during the Docker build…

  • CVE-2026-42556 | High | May 8, 2026
    risk 0.51 | cvss 8.9 | epss 0.00

    Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering with their own save request and send the public preview link /p/?share=true to…

  • CVE-2026-40487 | High | Apr 18, 2026
    risk 0.51 | cvss 8.9 | epss 0.00

    Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the `Content-Type` header. The uploaded files are then…

  • CVE-2026-40168 | High | Apr 10, 2026
    risk 0.46 | cvss 8.2 | epss 0.00

    Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP…