Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2026/03/11 9:16 p.m.1 views

CVE-2026-32111

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

5.3CVSS0.00042EPSS
Exploits0References1
NVD
NVDadded 2025/05/09 5:15 p.m.13 views

CVE-2025-0549

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through...

6.8CVSS0.00058EPSS
Exploits1References2
OSV
OSVadded 2025/05/09 5:15 p.m.0 views

UBUNTU-CVE-2025-0549

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through...

6.8CVSS5.7AI score0.00058EPSS
Exploits1References2
OSV
OSVadded 2025/05/09 4:13 p.m.1 views

CVE-2025-0549 Authentication Bypass Using an Alternate Path or Channel in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through...

6.8CVSS6.4AI score0.00058EPSS
Exploits1References5
Hacker One
Hacker Oneadded 2020/02/03 6:44 p.m.92 views

Stripo Inc: Authorization for wp-admin directory are vulnerable to brute force.

The domain https://my.stripo.email in the directory /wp-admin are not blocking amount of request in the authorization form, this leads to bruteforce attack. Where the attacker are able to guess tons of passwords without getting blocked or the password field gets locked. This attack make it possib...

7.6AI score
Exploits0
Cisco Threats
Cisco Threatsadded 2013/11/15 6:8 p.m.15 views

Threat Outbreak Alert: Fake Authorization Form Email Messages on November 14, 2013

Medium Alert ID: 31778 First Published: 2013 November 15 18:08 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an expense claim form for the recipient. The text in the email message attempts to convince the recipient to...

0.4AI score
Exploits0
Cisco Threats
Cisco Threatsadded 2013/10/15 8:17 p.m.23 views

Threat Outbreak Alert: Fake Vehicle Authorization Form Attachment Email Messages on October 15, 2013

Medium Alert ID: 31272 First Published: 2013 October 15 20:17 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a vehicle authorization form notification for the recipient. The text in the email message attempts to convinc...

0.2AI score
Exploits0
Rows per page
Query Builder