{"uuid": "c0f4fa59-05cf-4ca8-9c53-0391fcd5b538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-30693", "type": "seen", "source": "https://gist.github.com/GaniiGanesh/82723ef74e1e113debe67fd45738ccd5", "content": "CVE-2026-30693\n\nVendor:\nMeetmux\n\nProduct:\nMeetmux Web Application\n\nVulnerability Type:\nIncorrect Access Control\n\nAffected Component:\nBackend REST API endpoint /api/vender\n\nAttack Type:\nRemote\n\nDescription:\nAn improper access control vulnerability exists in the Meetmux web application where a backend API endpoint exposes sensitive vendor registration data without authentication. Vendor information is submitted through a public registration page; however, the corresponding API endpoint allows remote unauthenticated attackers to retrieve registered vendor records, including personally identifiable information, by directly accessing the /api/vender endpoint hosted on vender-server.vercel.app.\n\nAttack Vector:\nA remote unauthenticated attacker can send an HTTP GET request to the backend API endpoint /api/vender hosted on vender-server.vercel.app to retrieve registered vendor data without authorization.\n\nImpact:\nUnauthorized disclosure of sensitive vendor information.\n\nDiscoverer:\nGanesh S\n\nDisclosure Status:\nVendor contacted responsibly prior to publication.", "creation_timestamp": "2026-05-07T05:51:21.000000Z"}