CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70 matches found

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in mcp-server-notion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0423928197ec83ac273fa4a1b66d9e75398b956e7d5027014ff6326c552a46c2 Package occupies the unscoped name mcp-server-notion to catch misrouted installs of the scoped MCP Notion server. package.json declares "postinstall"...

5.5AI score

Exploits0References1

vulnersOsv•added 2026/05/16 3:26 p.m.•1 views

an-website (>=24.12.0 <=25.2.0), graphtomation (>=0.0.6 <=0.2.0) +5 more potentially affected by CVE-2021-47952 via jsonpickle (>=4.0.0 <=4.0.1)

jsonpickle PYPI version =4.0.0, =24.12.0, =0.0.6, =4.0.0, =0.1.0, =0.1.1, =0.5.8, =0.5.9 Source cves: CVE-2021-47952 Source advisory: SNYK:PYTHON-JSONPICKLE-16755449...

9.8CVSS5.4AI score0.004EPSS

Exploits0

Wiz blog•added 2026/02/24 5:15 p.m.•4 views

Security Insights Where Work Happens: Notion Custom Agents + Wiz MCP

Bring Wiz cloud security insights into your Notion workspace with Custom Agents — enabling automated reporting, investigation, and security workflows where teams already work...

5.3AI score

Exploits0

RedhatCVE•added 2026/02/04 7:28 p.m.•3 views

CVE-2026-25020

Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through = 1.7.0...

4.3CVSS5.3AI score0.00048EPSS

Exploits0References1

RedhatCVE•added 2026/02/03 9:19 p.m.•3 views

CVE-2025-69207

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

7.1CVSS5.6AI score0.00013EPSS

Exploits1References1

NVD•added 2026/02/03 3:16 p.m.•3 views

CVE-2026-25020

4.3CVSS0.00048EPSS

Exploits0References1

CVE•added 2026/02/03 2:8 p.m.•10 views

CVE-2026-25020

CVE-2026-25020 affects the WordPress WP Sync for Notion plugin up to version 1.7.0. The Red Hat, CVE, NVD, and PT Security entries all describe a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control security levels in WP Sync for Notion, allo...

4.3CVSS5.3AI score0.00048EPSS

Exploits0References1

Cvelist•added 2026/02/03 2:8 p.m.•22 views

CVE-2026-25020 WordPress WP Sync for Notion plugin <= 1.7.0 - Broken Access Control vulnerability

4.3CVSS0.00048EPSS

Exploits0References1

Vulnrichment•added 2026/02/03 2:8 p.m.•3 views

CVE-2026-25020 WordPress WP Sync for Notion plugin <= 1.7.0 - Broken Access Control vulnerability

4.3CVSS5.3AI score0.00048EPSS

Exploits0References1

EUVD•added 2026/02/03 2:8 p.m.•2 views

EUVD-2026-5305

4.3CVSS5.3AI score0.00048EPSS

Exploits0References1

ATTACKERKB•added 2026/02/03 2:8 p.m.•1 views

CVE-2026-25020

4.3CVSS5.3AI score0.00048EPSS

Exploits0References2

CNNVD•added 2026/02/03 12:0 a.m.•4 views

WordPress plugin WP Sync for Notion 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.00048EPSS

Exploits0References1

Positive Technologies•added 2026/02/03 12:0 a.m.•4 views

PT-2026-6251

Name of the Vulnerable Software and Affected Versions WP Sync for Notion versions through 1.7.0 Description An issue exists in WP Sync for Notion where incorrectly configured access control security levels can be exploited, leading to a missing authorization condition. Recommendations Update WP...

4.3CVSS5.4AI score0.00048EPSS

Exploits0References3

NVD•added 2026/02/02 11:16 p.m.•3 views

CVE-2025-69207

7.1CVSS0.00013EPSS

Exploits1References3

Vulnrichment•added 2026/02/02 9:16 p.m.•2 views

CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning

5.4CVSS5.6AI score0.00013EPSS

Exploits1References3

CVE•added 2026/02/02 9:16 p.m.•12 views

CVE-2025-69207

Khoj has an IDOR vulnerability in the Notion OAuth callback that allows an attacker to hijack a user’s Notion integration by manipulating the state parameter. The callback accepts any user UUID and does not verify the OAuth flow initiated by that user, enabling replacement of victims’ Notion conf...

7.1CVSS5.6AI score0.00013EPSS

Exploits1References3Affected Software1

OSV•added 2026/02/02 9:16 p.m.•2 views

CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning

5.4CVSS5.6AI score0.00013EPSS

Exploits1References5

ATTACKERKB•added 2026/02/02 9:16 p.m.•2 views

CVE-2025-69207

5.4CVSS5.6AI score0.00013EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/02/02 9:16 p.m.•25 views

CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning

5.4CVSS0.00013EPSS

Exploits1References3

OSV•added 2026/02/02 5:31 p.m.•3 views

GHSA-6WHJ-7QMG-86QJ Khoj has an IDOR in Notion OAuth Flow that Enables Index Poisoning

Summary An IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion...

5.4CVSS5.7AI score0.00013EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by