
Cvelist (added 2026/05/12 5:16 p.m.)

CVE-2026-44166 Pocketbase: Account pre-hijacking via OAuth2 unverified->verified autolinking upgrade

Pocketbase is an open source web backend written in Go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

CVSS 6.1 | EPSS 0.0019
Exploits: 1 | References: 1
Github Security Blog (added 2026/05/05 9:17 p.m.)

PocketBase vulnerable to account pre-hijacking via OAuth2 unverified->verified autolinking upgrade

A pre-hijacking issue was discovered with the OAuth2 autolinking by Alardiians. In some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When the...

CVSS 7.6 | AI score 5.7 | EPSS 0.0019
Exploits: 1 | References: 3 | Affected Software: 1
NVD (added 2026/05/04 2:16 p.m.)

CVE-2026-6266

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

CVSS 8.3 | EPSS 0.00394
Exploits: 0 | References: 5
OSV (added 2026/04/14 11:25 p.m.)

GHSA-M7R8-6Q9J-M2HC WWBN AVideo has an incomplete fix for CVE-2026-33500: XSS

Summary The incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization. Affected Package - Ecosystem: Other - Package: AVideo - Affected...

CVSS 5.9 | AI score 5.8 | EPSS 0.00218
Exploits: 2 | References: 7
CNNVD (added 2024/02/09 12:00 a.m.)

WordPress Plugin Internal Link Juicer: SEO Auto Linker for WordPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 4.8 | AI score 6 | EPSS 0.00301
Exploits: 0 | References: 3
SUSE CVE (added 2023/02/15 5:53 a.m.)

SUSE CVE-2011-1497

A cross-site scripting flaw was found in the autolink function in Rails before version 3.0.6...

CVSS 6.1 | AI score 7 | EPSS 0.01243
Exploits: 1 | References: 3
Snyk (added 2021/10/20 7:17 a.m.)

Cross-site Scripting (XSS)

Overview: rails is an open-source MVC web framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the autolink function in Rails. Details: Cross-site scripting, or XSS, is a code vulnerability that occurs when an attacker "injects" a malicious script into an otherwi...

CVSS 7.5 | AI score 5.3 | EPSS 0.01243
Exploits: 1 | References: 2
CNNVD (added 2021/10/19 12:00 a.m.)

Rails Cross-Site Scripting Vulnerability

Rails is a set of open source web application frameworks based on the Ruby language from the Rails team. A cross-site scripting vulnerability exists in the autolink function in versions prior to Rails 3.0.6. No more information on this vulnerability is available at this time, so stay tuned to CNN...

CVSS 6.1 | AI score 6.4 | EPSS 0.01243
Exploits: 1 | References: 3