Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

29 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2021-16062

Malware in sbrugna...

8CVSS6.6AI score0.00806EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.5 views

EUVD-2021-32951

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00553EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2021-32950

Malicious code in bioql PyPI...

10CVSS8.7AI score0.01036EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.6 views

EUVD-2021-32949

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00633EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:23 p.m.10 views

CVE-2021-29437

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be us...

8CVSS7AI score0.00806EPSS
Exploits0References1
NVD
NVDadded 2022/02/15 11:15 p.m.22 views

CVE-2021-46251

A reflected cross-site scripting XSS in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

6.1CVSS0.00553EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2022/02/15 11:15 p.m.4 views

CVE-2021-46251

A reflected cross-site scripting XSS in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

6.1CVSS6.4AI score0.00553EPSS
Exploits0References2
OSV
OSVadded 2022/02/15 11:15 p.m.19 views

CVE-2021-46251

A reflected cross-site scripting XSS in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

6.1CVSS6.1AI score
Exploits0References1
OSV
OSVadded 2022/02/15 11:15 p.m.13 views

CVE-2021-46250

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2...

10CVSS7AI score
Exploits0References1
NVD
NVDadded 2022/02/15 11:15 p.m.9 views

CVE-2021-46249

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps...

6.5CVSS0.00633EPSS
Exploits0References1
NVD
NVDadded 2022/02/15 11:15 p.m.14 views

CVE-2021-46250

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2...

10CVSS0.01036EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2022/02/15 11:15 p.m.4 views

CVE-2021-46249

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps...

6.5CVSS6.6AI score0.00633EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2022/02/15 11:15 p.m.5 views

CVE-2021-46250

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2...

10CVSS7.8AI score0.01036EPSS
Exploits0References2
Prion
Prionadded 2022/02/15 11:15 p.m.10 views

Cross site scripting

A reflected cross-site scripting XSS in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

4.3CVSS5.9AI score0.00553EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2022/02/15 11:15 p.m.15 views

Authorization

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps...

4CVSS6.4AI score0.00633EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2022/02/15 10:13 p.m.17 views

CVE-2021-46251

A reflected cross-site scripting XSS in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

6.1CVSS6.1AI score0.00553EPSS
Exploits0References1
CVE
CVEadded 2022/02/15 10:13 p.m.84 views

CVE-2021-46251

ScratchOAuth2 is affected by a reflected XSS vulnerability disclosed as CVE-2021-46251. The issue lies in the POST request handling before commit 1603f04e44ef67dde6ccffe866d2dca16defb293, where insufficient input validation/filtering allows an attacker to inject and execute arbitrary web scripts ...

6.1CVSS5.9AI score0.00553EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2022/02/15 10:13 p.m.96 views

CVE-2021-46250

The CVE-2021-46250 entry concerns ScratchOAuth2, specifically its SOA2Login::commented path prior to commit a91879bd58fa83b09283c0708a1864cdf067c64a, which allows an attacker to authenticate as other users on downstream components relying on ScratchOAuth2. The vulnerability’s impact is described ...

10CVSS9.3AI score0.01036EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2022/02/15 10:13 p.m.17 views

CVE-2021-46249

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps...

6.5CVSS6.7AI score0.00633EPSS
Exploits0References1
CVE
CVEadded 2022/02/15 10:13 p.m.92 views

CVE-2021-46249

The CVE-2021-46249 issue is an authorization bypass in ScratchOAuth2’s SpecificApps REST API that can be exploited via a user-controlled key to let app owners set flags indicating an app is verified. Root cause: API-level authorization bypass enabling modification of verification status without p...

6.5CVSS6.4AI score0.00633EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder