Lucene search
K

10 matches found

OSV
OSV
added 2026/05/14 9:30 p.m.11 views

GHSA-4G9M-RFFV-H6WQ Crabbox: authentication bypass vulnerability that allows impersonation of others by spoofing identity headers

Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/10 12:44 p.m.10 views

CVE-2021-47946

OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...

6.9CVSS5.7AI score0.00151EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

OpenCart 跨站请求伪造漏洞

OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 3.0.36 of OpenCart has a cross-site request forgeing vulnerability. This vulnerability stems from the /account/edi...

6.9CVSS5.7AI score0.00151EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/02/11 11:33 a.m.4 views

CVE-2026-0595

Removed by vendor...

7.3CVSS5.8AI score0.00217EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.3 views

PT-2026-7524

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.9 through 18.6.6 GitLab CE/EE versions 18.7 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 Description An issue exists in GitLab CE/EE where an authenticated user could potentially add unauthorized email...

7.3CVSS5.3AI score0.00217EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-27287

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00565EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:5 a.m.9 views

CVE-2024-29891

ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in th...

8.7CVSS6.8AI score0.0076EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.3 views

Directus Security Vulnerabilities

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 10.8.3, which stems from a vulnerability that allows an attacker to receive password reset emails from victimized users...

8.2CVSS6.8AI score0.00702EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.6 views

memos 安全漏洞

memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in versions of memos prior to 0.9.1, which stems from a vulnerability that allows an attacker to add malicious tags to a vitim account...

8.6CVSS7.2AI score0.00586EPSS
Exploits1References3
Huntr
Huntr
added 2021/09/06 12:48 p.m.9 views

Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver

✍️ Description stored xss bug via link in store 🕵️‍♂️ Proof of Concept 1. goto https://mainnet.demo.btcpayserver.org/stores and create a store .\ 2. Now open that store using url https://mainnet.demo.btcpayserver.org/stores/BuBNcrh8vpu4sMcTikqXoP5pXU49hvoFDyqAoA46Tns2 and change website link to...

0.5AI score
Exploits0
Rows per page
Query Builder