Lucene search
K

29 matches found

Vulnrichment
Vulnrichment
added 2024/06/18 5:0 p.m.17 views

CVE-2024-38351 Password auth and OAuth2 unverified email linking

Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...

5.4CVSS6.6AI score0.00289EPSS
Exploits0References2
CVE
CVE
added 2024/06/18 5:0 p.m.62 views

CVE-2024-38351

Summary: PocketBase shows a vulnerability where, if both Password and OAuth2 authentication are enabled, a malicious actor could link an unverified email via OAuth2 to an existing user and gain access to that user’s account without changing the password. The attack flow described involves registe...

5.4CVSS5.2AI score0.00289EPSS
Exploits0References2
OSV
OSV
added 2024/06/18 5:0 p.m.3 views

CVE-2024-38351 Password auth and OAuth2 unverified email linking

Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...

5.4CVSS6.7AI score0.00289EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/18 12:0 a.m.5 views

PocketBase Security Vulnerability

PocketBase is an open source real-time backend for PocketBase Open Source. A security vulnerability exists in Pocketbase versions prior to 0.22.14, which stems from password validation and OAuth2 unverified email links...

5.4CVSS6.9AI score0.00289EPSS
Exploits0References3
NVD
NVD
added 2024/04/05 3:15 p.m.12 views

CVE-2024-31218

Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP reques...

9.8CVSS9.6AI score0.00715EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/05 2:45 p.m.17 views

CVE-2024-31218 Missing Authentication for Critical Function in Webhood backend

Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP reques...

9.8CVSS7.3AI score0.00715EPSS
Exploits0References2
CVE
CVE
added 2024/04/05 2:45 p.m.116 views

CVE-2024-31218

CVE-2024-31218 affects Webhood backend up to version 0.9.0, where the Pocketbase admin API can be invoked unauthenticated to create an admin account when none exists. The issue arises from Missing Authentication for a Critical Function and makes deployments vulnerable unless an admin account alre...

9.8CVSS9.6AI score0.00715EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.10 views

PT-2024-23859 · Webhood +1 · Webhood +1

Name of the Vulnerable Software and Affected Versions: Webhood versions 0.9.0 and earlier Description: Webhood is a self-hosted URL scanner used for analyzing phishing and malicious sites. The vulnerability allows an unauthenticated attacker to send an HTTP request to the database Pocketbase admi...

9.8CVSS7AI score0.00715EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/04/05 12:0 a.m.4 views

Webhood 安全漏洞

Webhood is a self-hosted URL scanner for analyzing phishing and malicious websites. A security vulnerability exists in Webhood version 0.9.0 and prior versions, which stems from a vulnerability that allows an unauthenticated attacker to create an administrator account by sending an HTTP request t...

9.8CVSS6.8AI score0.00715EPSS
Exploits0References4
Rows per page
Query Builder