Lucene search
K

17 matches found

NVD
NVD
added 2026/05/14 5:16 p.m.30 views

CVE-2026-20182

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...

10CVSS0.88496EPSS
Exploits4References3
EUVD
EUVD
added 2026/04/03 9:31 p.m.4 views

EUVD-2026-18827

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL...

7.7CVSS6AI score0.00301EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:27 p.m.3 views

CVE-2026-22664

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

7.7CVSS5.9AI score0.00301EPSS
Exploits1References4
CVE
CVE
added 2026/04/03 8:27 p.m.28 views

CVE-2026-22664

The CVE-2026-22664 issue affects prompts.chat with an SSRF in Fal.ai media status polling prior to commit 30a8f04. Authenticated users can supply attacker-controlled URLs in the token parameter to trigger arbitrary outbound requests, potentially exposing the FAL_API_KEY in the Authorization heade...

7.7CVSS5.3AI score0.00301EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/12/05 10:15 a.m.4 views

CVE-2025-12879

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...

8.8CVSS0.00157EPSS
Exploits0References2
Akamai Blog
Akamai Blog
added 2025/04/28 12:0 p.m.18 views

Combat Rising Account Abuse: Akamai and Ping Identity Partner Up

...

7.3AI score
Exploits0
Akamai Blog
Akamai Blog
added 2024/07/08 1:0 p.m.11 views

Defend Against Account Abuse in Financial Services

Learn how Akamai Account Protector defends against account abuse by distinguishing between legitimate and malicious activities...

7.4AI score
Exploits0
OSV
OSV
added 2023/11/09 6:35 p.m.5 views

GHSA-C35Q-FFPF-5QPM AsyncSSH Rogue Session Attack

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...

8.1CVSS5.8AI score0.00867EPSS
Exploits0References12
Akamai Blog
Akamai Blog
added 2023/10/19 1:0 p.m.15 views

How Fraudsters Execute Account Opening Abuse

...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2020/10/19 9:54 p.m.19 views

U.S. Dept Of Defense: Reflected XSS www.█████ search form

Description: Reflected XSS vulnerabilities arise when the application accepts a malicious input script from a user and then this is executed in the victim's browser.Since the XSS is reflected, the attacker has to trick the victim into executing the payload, usually using another website. In this...

1AI score
Exploits0
OSV
OSV
added 2018/04/16 9:58 a.m.2 views

CVE-2018-10117

An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP...

8.8CVSS5.8AI score
Exploits0References1
CNVD
CNVD
added 2018/01/23 12:0 a.m.2 views

Bukura App Has Logic Design Flaws

Cloth Warehouse APP is a cloth finding application developed by Guangdong Zhida Textile & Decoration Co. Ltd. specifically for fabric buyers, soft furnishing designers. There is a logical design vulnerability in the Cloth Storage APP, which can be exploited by an attacker to register an arbitrary...

7AI score
Exploits0
CNVD
CNVD
added 2018/01/22 12:0 a.m.2 views

Friend's Home App Has Logic Design Flaws

Friends Home App is a social B&B platform based on acquaintance relationship. There is a logical design vulnerability in the Friend's Home APP, which can be exploited by an attacker to register arbitrary accounts and reset account passwords, leading to account abuse and consumption of service...

6.9AI score
Exploits0
CNVD
CNVD
added 2017/12/14 12:0 a.m.1 views

Verification code leakage vulnerability in the dear APP of Nanjing UAF Network Technology Co.

Dear App is a mobile couple social software. Nanjing UAF Network Technology Co. Dear APP has a verification code leakage vulnerability, which allows an attacker to use any number to register, leading to account abuse and consumption of service resources...

7.1AI score
Exploits0
CNVD
CNVD
added 2017/11/28 12:0 a.m.1 views

Butler Smart App for Android is vulnerable to malicious bulk registrations

The Butler Smart App is a mobile application that goes along with the smart cat eye device. A malicious bulk registration vulnerability exists in Butler Smart APP for Android. An attacker can exploit the vulnerability to register accounts in bulk, leading to account abuse and consumption of servi...

6.8AI score
Exploits0
CNVD
CNVD
added 2017/09/24 12:0 a.m.1 views

Multiple Vulnerabilities in the Memory Bug App

Memory Bug is a memory cloud app that preserves a lifetime of memories. There are logical design, cross-site scripting and directory traversal vulnerabilities in the Memory Bug APP, which allow attackers to successfully register any account, reset account passwords, and insert malicious xxs code ...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2016/06/14 2:21 a.m.20 views

Uber: Brute-Forcing invite codes in partners.uber.com

Hi, //We are going to use this link : https://partners.uber.com/join/?invitecode=xxxxx with GET method. There are options to customize codes, We can do it with only numbers https://partners.uber.com/join/?invitecode=1 to 10000 Or we can use some words with numbers...

0.3AI score
Exploits0
Rows per page
Query Builder