Every CVE whose affected-product data names Gitroom Postiz, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2026-42298 — CVSS 10.0 (critical): Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker…
CVE-2026-40487 — CVSS 8.9 (high): Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to…
CVE-2026-42556 — CVSS 8.9 (high): Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post…
CVE-2026-34577 — CVSS 8.6 (high): Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoint in PublicController accepts a…
CVE-2026-40168 — CVSS 8.2 (high): Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the…
CVE-2026-34576 — CVSS 7.7 (high): Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied…
CVE-2026-34590 — CVSS 5.4 (medium): Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto…