Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1609 matches found

EUVD
EUVDadded 2026/04/23 12:31 p.m.11 views

EUVD-2026-25203

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References2
NVD
NVDadded 2026/04/23 10:16 a.m.6 views

CVE-2026-3259

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1CVSS0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/23 8:35 a.m.3 views

CVE-2026-3259

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/23 8:35 a.m.6 views

CVE-2026-3259 Sensitive Data Disclosure in BigQuery via Materialized View Error Messages

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1CVSS5.2AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/04/23 12:0 a.m.7 views

Google BigQuery 安全漏洞

Google BigQuery is a cloud data warehouse service provided by Google Inc., designed for large-scale data analysis and high-performance query processing. There is a security vulnerability in Google BigQuery. This vulnerability stems from the materialized view refresh mechanism, which generates err...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/23 12:0 a.m.7 views

PT-2026-34647

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References2
Snyk
Snykadded 2026/04/17 10:42 p.m.10 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.5AI score0.00209EPSS
Exploits0References2
Snyk
Snykadded 2026/04/17 10:42 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.5AI score0.00209EPSS
Exploits0References2
Snyk
Snykadded 2026/04/17 10:42 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.5AI score0.00209EPSS
Exploits0References2
Snyk
Snykadded 2026/04/17 10:42 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References2
Snyk
Snykadded 2026/04/17 10:42 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References2
Snyk
Snykadded 2026/04/17 10:42 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References2
CVE
CVEadded 2026/04/17 8:56 p.m.11 views

CVE-2026-40302

CVE-2026-40302 affects zrok prior to v2.0.1. The proxyUi template engine used Go's text/template (no HTML escaping), leading to reflected XSS via an attacker-controlled refreshInterval error rendered in the GitHub OAuth callback. An attacker can send a crafted login URL; after OAuth completes, th...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References2Affected Software1
CNNVD
CNNVDadded 2026/04/17 12:0 a.m.6 views

zrok 安全漏洞

Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of the text/template template engine without proper escaping of the refreshInterval parameter, which could lead to cross-sit...

6.1CVSS5.6AI score0.00209EPSS
Exploits0References1
Snyk
Snykadded 2026/04/16 9:52 p.m.8 views

Missing Authentication for Critical Function

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the public-chatbotConfig and oauth2-credential/refresh endpoints. An attacker can obtain OAuth 2.0 access tokens for third-party services by retrieving...

10CVSS5.5AI score0.00308EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2026/04/16 9:52 p.m.6 views

Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow in Flowise

Summary Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public chatflow configuration endpoint, an attacker can retrieve internal workflow data, including OAuth...

8.2CVSS5.8AI score0.00308EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blogadded 2026/04/16 9:8 p.m.5 views

zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering

Summary The proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the attacker-controlled refreshInterval query parameter verbatim into an error message when...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologiesadded 2026/04/16 12:0 a.m.6 views

PT-2026-33378

Name of the Vulnerable Software and Affected Versions zrok versions prior to 2.0.1 Description The proxyUi template engine utilizes Go's text/template, which does not perform HTML escaping, rather than html/template. The GitHub OAuth callback handlers in 'publicProxy' and 'dynamicProxy' embed the...

6.1CVSS6AI score0.00209EPSS
Exploits0References7
Github Security Blog
Github Security Blogadded 2026/04/14 10:49 p.m.8 views

WWBN AVideo has an IDOR in Live Restreams list.json.php Exposes Other Users' Stream Keys and OAuth Tokens

Summary The endpoint plugin/Live/view/Liverestreams/list.json.php contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream configurations, including third-party platform stream keys and OAut...

6.5CVSS6AI score0.00269EPSS
Exploits1References4Affected Software1
Veeam
Veeamadded 2026/04/13 12:0 a.m.14 views

How to Deploy Veeam Backup for Salesforce External Client App

Purpose This article documents how to create an External Client App ECA in Salesforce to integrate with Veeam Backup for Salesforce via Salesforce API. An ECA with proper permissions is required for Veeam Backup for Salesforce to integrate with Salesforce API using the OAuth 2.0 protocol. Solutio...

5.7AI score
Exploits0
Rows per page
Query Builder