
7 matches found

RedhatCVE
added 2026/02/03 9:19 p.m., 3 views

CVE-2025-69207

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

CVSS 7.1 | AI score 5.6 | EPSS 0.00013
Exploits 1 | References 1
CVE
added 2026/02/03 2:8 p.m., 7 views

CVE-2026-25020

CVE-2026-25020 affects the WordPress WP Sync for Notion plugin up to version 1.7.0. The Red Hat, CVE, NVD, and PT Security entries all describe a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control security levels in WP Sync for Notion, allo...

CVSS 4.3 | AI score 5.3 | EPSS 0.00039
Exploits 0 | References 1
OSV
added 2026/02/02 9:16 p.m., 1 views

CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

CVSS 5.4 | AI score 5.6 | EPSS 0.00013
Exploits 1 | References 5
CVE
added 2026/02/02 9:16 p.m., 10 views

CVE-2025-69207

Khoj has an IDOR vulnerability in the Notion OAuth callback that allows an attacker to hijack a user’s Notion integration by manipulating the state parameter. The callback accepts any user UUID and does not verify the OAuth flow initiated by that user, enabling replacement of victims’ Notion conf...

CVSS 7.1 | AI score 5.6 | EPSS 0.00013
Exploits 1 | References 3 | Affected Software 1
ATTACKERKB
added 2026/02/02 9:16 p.m., 1 views

CVE-2025-69207

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

CVSS 5.4 | AI score 5.6 | EPSS 0.00013
Exploits 1 | References 4 | Affected Software 1
Snyk
added 2026/02/02 5:31 p.m., 1 views

Missing Authorization

Overview: khoj is a Your Second Brain. Affected versions of this package are vulnerable to Missing Authorization in the OAuth callback endpoint. An attacker can gain unauthorized access to and manipulate another user's Notion integration by supplying a known UUID in the state parameter, which can b...

CVSS 7.1 | AI score 5.5 | EPSS 0.00013
Exploits 1 | References 2
Patchstack
added 2023/07/18 12:0 a.m., 4 views

WordPress Notionify - WordPress, WooCommerce, Contact form 7 integration with notion. Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software: Notionify - WordPress, WooCommerce, Contact form 7 integration with notion.; Type: Plugin; Vulnerable versions: = 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership...

AI score 6.8
Exploits 0 | References 2 | Affected Software 1