7 matches found

RedhatCVE
added 2026/02/28 1:54 a.m., 2 views

CVE-2026-26861

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting XSS via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...

CVSS 8.3 | AI score 5.9 | EPSS 0.00009
Exploits: 1 | References: 1
Github Security Blog
added 2026/02/27 6:31 p.m., 5 views

CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

CVSS 8.3 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 7 | Affected Software: 1
CVE
added 2026/02/27 12:00 a.m., 7 views

CVE-2026-26862

CVE-2026-26862 affects CleverTap Web SDK

CVSS 8.3 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2025/09/26 10:38 p.m., 12 views

CVE-2025-59845

CVE-2025-59845 covers a CSRF flaw in Apollo Studio Embeddable Sandbox and Embeddable Explorer caused by missing origin validation in window.postMessage handling. The issue affects embedded Sandbox/Explorer prior to versions 2.7.2 and 3.7.3, allowing a malicious site to forge messages that trigger...

CVSS 8.2 | AI score 7 | EPSS 0.00018
Exploits: 0 | References: 1
OSV
added 2025/09/26 10:38 p.m., 2 views

CVE-2025-59845 Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass

Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...

CVSS 8.2 | AI score 7.1 | EPSS 0.00018
Exploits: 0 | References: 3
Snyk
added 2025/09/26 3:00 p.m., 1 view

Cross-site Request Forgery (CSRF)

Overview @apollo/sandbox is a This repo hosts the source for Apollo Studio's Embeddable Sandbox Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via missing origin validation in the window.postMessage process. An attacker can execute unauthorized GraphQL queries...

CVSS 8.2 | AI score 7 | EPSS 0.00018
Exploits: 0 | References: 3
CNNVD
added 2025/09/26 12:00 a.m., 1 view

Apollo Studio Embeddable Explorer & Embeddable Sandbox Cross-Site Request Forgery Vulnerability

Apollo Studio Embeddable Explorer & Embeddable Sandbox is an open source vectorization tool for Apollo GraphQL. A cross-site request forgery vulnerability exists in Apollo Studio Embeddable Explorer & Embeddable Sandbox, which stems from a lack of source validation when client code handles the...

CVSS 8.2 | AI score 6.6 | EPSS 0.00018
Exploits: 0 | References: 2