Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

OSV
OSVadded 2026/03/10 9:3 p.m.2 views

GHSA-WG9X-QFGW-PXHJ Feathers has an OAuth Callback Account Takeover issue

An unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's authentication payload has a fallback chain that reaches params.query the raw request query when Grant's session/state responses are empt...

9.3CVSS5.8AI score0.0008EPSS
Exploits0References3
NVD
NVDadded 2026/03/10 8:16 p.m.1 views

CVE-2026-29792

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, an unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's...

9.8CVSS0.0008EPSS
Exploits0References1
OSV
OSVadded 2026/02/09 10:26 p.m.2 views

CVE-2026-25893 FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has...

10CVSS6.2AI score0.00146EPSS
Exploits0References4
Rows per page
Query Builder