Lucene search
K

10 matches found

Nuclei
Nuclei
added yesterday46 views

Adlisting Classified Ads 2.14.0 - Information Disclosure

Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects. id: CVE-2023-4168 info: name: Adlisting Classified Ads 2.14.0 - Information Disclosure autho...

7.5CVSS6.3AI score0.36205EPSS
Exploits4References5
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43170

Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transferapp RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthenticated attackers can enumerate valid app IDs by observing error message differences when calling...

6.9CVSS6.1AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 6 days ago21 views

CVE-2026-55429

Coder's CVE-2026-55429 describes a cross-workspace agent rebinding vulnerability in UpsertWorkspaceApp and insertAgentApp where a provisioner payload can bind a victim app to an attacker-controlled agent due to lack of workspace verification. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, ...

8.7CVSS6AI score0.00508EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/16 9:53 a.m.3 views

BIT-PARSE-2026-32269 Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value is sent t...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/13 8:2 p.m.7 views

Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint

Impact The OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value is sent to the token introspection endpoint instead of the user's actual access token. Depending on the introspection endpoint's...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/09 5:42 p.m.5 views

GHSA-X6FW-778M-WR9V Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters

Impact The Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is not set clientId for Google/Apple, appIds for Facebook, JWT verification silently skips audience claim validation. This allows an...

9.3CVSS5.8AI score0.00525EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2023/09/02 12:0 a.m.401 views

PlayTube 3.0.1 Information Disclosure

Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure Exploit Author: CraCkEr Date: 19/08/2023 Vendor: PlayTube Vendor Homepage: https://playtubescript.com/ Software Link: https://demo.playtubescript.com/ Tested on: Windows 10 Pro Impact: Sensitive Information Leakage CVE: CVE-2023-4714...

7.1AI score0.0521EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/08/07 12:0 a.m.265 views

Adlisting Classified Ads 2.14.0 Information Disclosure

Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Exploit Author: CraCkEr Date: 25/07/2023 Vendor: Templatecookie Vendor Homepage: https://templatecookie.com/ Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script Tested on: Windows 10...

7.1AI score0.36205EPSS
Exploits4
Malwarebytes
Malwarebytes
added 2023/01/24 5:0 a.m.20 views

VASTFLUX ad fraud massively affected millions of iOS devices, dismantled

Researchers have successfully dismantled a massive ad fraud campaign they stumbled upon by accident. The Satori Threat Intelligence and Research Team dubbed the campaign VASTFLUX, a portmanteau of "fast flux"--an evasion technique involving the constant changing of IP addresses behind a single...

0.5AI score
Exploits0
OSV
OSV
added 2022/09/21 8:43 p.m.5 views

GHSA-R657-33VP-GP22 parse-server auth adapter app ID validation can be circumvented

Impact Validation of the authentication adapter app ID for Facebook and Spotify may be circumvented. This fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for Facebook or Spotify and where the server-side...

3.7CVSS5.8AI score0.00439EPSS
Exploits0References6
Rows per page
Query Builder