
6 matches found

wpexploit
added 2023/01/23 12:0 a.m., 411 views

Spotlight Social Feeds < 1.4.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit: Additional CSS classes for "Spotlight Instagram...

CVSS 5.4 | AI score 5.2 | EPSS 0.00198
Exploits: 2
Prion
added 2019/04/26 3:29 p.m., 10 views

Cross site request forgery (csrf)

The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able ...

CVSS 6.8 | AI score 6.9 | EPSS 0.00425
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2019/04/26 3:29 p.m., 1 views

DEBIAN-CVE-2015-9284

The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able ...

CVSS 8.8 | AI score 6.9 | EPSS 0.00425
Exploits: 0 | References: 1
OSV
added 2019/04/26 3:29 p.m., 0 views

UBUNTU-CVE-2015-9284

The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00425
Exploits: 0 | References: 5
Hacker One
added 2019/04/18 2:16 p.m., 41 views

ZEIT: CSRF On Connect Account With Github Lead To Account Takeover

Summary: Hi, I found the endpoint for connecting the account with the GitHub account vulnerable to a CSRF attack because of the lack of endpoint protection against CSRF attacks. The attacker can exploit this vulnerability to force users to link their account with his or her GitHub account, which ...

AI score 0.9
Exploits: 0
Citrix
added 2016/05/24 12:0 a.m., 7 views

Error: "Cannot add account" When Connecting Through iOS Receiver 6.1.4

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. The following error is received when connecting through iOS Receiver 6.1.4: "Cannot add account" The...

AI score 6.8
Exploits: 0