
6 matches found

OSV
added 2026/02/02 5:31 p.m. · 4 views

GHSA-6WHJ-7QMG-86QJ Khoj has an IDOR in Notion OAuth Flow that Enables Index Poisoning

Summary: An IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion...

CVSS 5.4 · AI score 5.7 · EPSS 0.00361
Exploits: 1 · References: 5
Positive Technologies
added 2024/10/04 12:0 a.m. · 6 views

PT-2024-12113 · Taskcafe · Taskcafe

Name of the Vulnerable Software and Affected Versions: TaskCafe version 0.3.2 Description: The issue is related to a lack of validation in the Cookie value, which allows an unauthenticated attacker who knows a registered UserID to change the password of that user. This can be exploited by attacke...

CVSS 9.8 · AI score 7.2 · EPSS 0.00703
Exploits: 1 · References: 9
SUSE CVE
added 2023/02/15 4:59 a.m. · 3 views

SUSE CVE-2016-6190

SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all...

CVSS 4.3 · AI score 6.5 · EPSS 0.01228
Exploits: 0 · References: 3
CNNVD
added 2021/04/14 12:0 a.m. · 6 views

Red Hat Ceph Authorization Issue Vulnerability

Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system without a single point of failure, based on POSIX Portable Operating System Interface, enabling fault-tolerant and seamless data replication. cep...

CVSS 7.2 · AI score 7.2 · EPSS 0.0211
Exploits: 0 · References: 21
PyPA
added 2021/03/23 4:15 p.m. · 6 views

PYSEC-2021-31

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...

CVSS 6.5 · AI score 6.6 · EPSS 0.01457
Exploits: 0 · References: 5 · Affected Software: 1
securityvulns
added 2003/10/23 12:0 a.m. · 29 views

Oracle buffer overflow

A command-line buffer overflow allows obtaining the oracle uid...

AI score 4.3
Exploits: 0 · References: 1