29 matches found
CVE-2024-38351 Password auth and OAuth2 unverified email linking
Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
CVE-2024-38351
Summary: PocketBase shows a vulnerability where, if both Password and OAuth2 authentication are enabled, a malicious actor could link an unverified email via OAuth2 to an existing user and gain access to that user’s account without changing the password. The attack flow described involves registe...
CVE-2024-38351 Password auth and OAuth2 unverified email linking
Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
PocketBase Security Vulnerability
PocketBase is an open source real-time backend for PocketBase Open Source. A security vulnerability exists in Pocketbase versions prior to 0.22.14, which stems from password validation and OAuth2 unverified email links...
CVE-2024-31218
Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP reques...
CVE-2024-31218 Missing Authentication for Critical Function in Webhood backend
Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP reques...
CVE-2024-31218
CVE-2024-31218 affects Webhood backend up to version 0.9.0, where the Pocketbase admin API can be invoked unauthenticated to create an admin account when none exists. The issue arises from Missing Authentication for a Critical Function and makes deployments vulnerable unless an admin account alre...
PT-2024-23859 · Webhood +1 · Webhood +1
Name of the Vulnerable Software and Affected Versions: Webhood versions 0.9.0 and earlier Description: Webhood is a self-hosted URL scanner used for analyzing phishing and malicious sites. The vulnerability allows an unauthenticated attacker to send an HTTP request to the database Pocketbase admi...
Webhood 安全漏洞
Webhood is a self-hosted URL scanner for analyzing phishing and malicious websites. A security vulnerability exists in Webhood version 0.9.0 and prior versions, which stems from a vulnerability that allows an unauthenticated attacker to create an administrator account by sending an HTTP request t...