
Cvelist
added 2026/06/23 5:36 p.m., 35 views

CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

CVSS 9.6, EPSS 0.00235
Exploits 0, References 2
Imperva Blog
added 2026/05/18 11:00 a.m., 36 views

Dify: When Your AI Platform Becomes the Attack Surface

Executive Summary We identified a couple of vulnerabilities in AI automation platform Dify resulting in cross-tenant sensitive information disclosure and one-click account takeover. These findings reinforce the pattern we documented in our previous n8n blogpost: even though AI automation platform...

AI score 6.1
Exploits 0
Positive Technologies
added 2026/03/20 12:00 a.m., 8 views

PT-2026-26617

Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creation functionality. An authenticated attacker with page creation privileges, such as Author, Editor, or Administrator, can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...

CVSS 5.1, AI score 5.8, EPSS 0.00161
Exploits 0, References 5
OSV
added 2026/02/19 1:21 p.m., 3 views

OPENSUSE-SU-2026:20257-1 Security update for python-Authlib

This update for python-Authlib fixes the following issues: Changes in python-Authlib: - CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib library (bsc#1256414)...

CVSS 8.8, AI score 5.8, EPSS 0.00237
Exploits 1, References 2
OSV
added 2025/02/24 8:49 p.m., 2 views

GHSA-VP58-J275-797X Better Auth allows bypassing the trustedOrigins Protection which leads to ATO

Summary: A bypass was discovered in the trustedOrigins validation logic, affecting both absolute URL entries and wildcard domain patterns. This flaw allows an attacker to construct a malicious callbackURL that passes origin checks and triggers an open redirect. Because redirect endpoints include...

CVSS 7.1, AI score 5.9
Exploits 0, References 4