8 matches found

Positive Technologies · added 2026/05/12 12:00 a.m. · 7 views

PT-2026-40532

OAuth State Validation Bypass via error Parameter Causes Local Server DoS in MCP Auth Callback --- Description The OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internal...

CVSS 6.5 · AI score 5.9 · EPSS 0.00036 · Exploits 1 · References 6
Cvelist · added 2023/10/19 11:27 p.m. · 13 views

CVE-2023-41893 Account takeover via auth_callback login in Home Assistant Core

Home Assistant is an open source home automation. The audit team’s analyses confirmed that the redirect_uri and client_id are alterable when logging in. Consequently, the code parameter utilized to fetch the access_token post-authentication will be sent to the URL specified in the aforementioned...

CVSS 4.3 · AI score 5.7 · EPSS 0.00262 · Exploits 0 · References 2
CNNVD · added 2023/10/19 12:00 a.m. · 1 view

Home Assistant Information Disclosure Vulnerability

Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. An information disclosure vulnerability exists in Home Assistant versions prior to 2023.9.0, which stems from a vulnerability that allows an attacker to log in and...

CVSS 5.4 · AI score 6.2 · EPSS 0.00262 · Exploits 0 · References 4
Prion · added 2022/12/06 1:15 a.m. · 9 views

Cross-site scripting

Querybook is an open source data querying UI. In affected versions user-provided data is not escaped in the error field of the auth callback URL in querybook/server/app/auth/oauth_auth.py and querybook/server/app/auth/okta_auth.py. This may allow attackers to perform reflected cross-site scripting...

CVSS 5.8 · AI score 6 · EPSS 0.00288 · Exploits 0 · References 2 · Affected Software 1
CVE · added 2022/12/06 12:33 a.m. · 43 views

CVE-2022-46151

CVE-2022-46151 affects Querybook, where user-provided data in the error field of the auth callback URL (oauth_auth.py and okta_auth.py) is not escaped, enabling reflected XSS if CSP is not enabled or unsafe-inline is allowed. Affected versions are before 3.14.2. Mitigation: upgrade to Querybook 3...

CVSS 6.3 · AI score 6.1 · EPSS 0.00288 · Exploits 0 · References 2 · Affected Software 1
Positive Technologies · added 2022/12/06 12:00 a.m. · 2 views

PT-2022-27768 · Querybook · Querybook

Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.14.2. Description: The issue concerns Querybook, an open source data querying UI. In affected versions, user-provided data is not escaped in the error field of the auth callback URL in...

CVSS 6.3 · AI score 5.9 · EPSS 0.00288 · Exploits 0 · References 7
CNNVD · added 2022/07/12 12:00 a.m. · 2 views

ArgoCD Cross-Site Scripting Vulnerability

Argo is an open source container-native workflow engine. ArgoCD is an application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state, e.g., configuration in a Git repository,...

CVSS 6.1 · AI score 5.6 · EPSS 0.00157 · Exploits 0 · References 6
Positive Technologies · added 2022/07/12 12:00 a.m. · 1 view

PT-2022-20529 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.3.0 through 2.3.5; Argo CD versions 2.4.0 through 2.4.4. Description: The issue is a cross-site scripting (XSS) bug that could allow an attacker to inject arbitrary JavaScript in the "/auth/callback" page in a victim's browser...

CVSS 6.1 · AI score 5.8 · EPSS 0.00157 · Exploits 0 · References 10