Lucene search
K

4133 matches found

Nuclei
Nuclei
added 8 hours ago173 views

PHPJabbers Callback Widget v1.0 - Cross-Site Scripting

There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. id: CVE-2023-40755 info: name: PHPJabbers Callback Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site Scripting...

6.1CVSS6.4AI score0.01202EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago17 views

LearnPress < 4.3.0 - Arbitrary Callback Execution to Information Exposure

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

5.3CVSS6.3AI score0.00934EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-12597

Summary (CVE-2026-12597) : The LoginPress Pro WordPress plugin (versions up to and including 6.2.3) contains an authentication bypass via the GitHub OAuth callback. The flaw resides in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) from Git...

8.1CVSS6AI score0.00422EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: Due to use of Golang Go, multiple vulnerabilities affect IBM Cloud Pak System

Summary Due to use of Golang Go multiple vulnerabilities affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2026-39827 DESCRIPTION: An authenticated SSH client that repeatedly opened channels which were rejected by the server...

9.1CVSS6.7AI score0.00533EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56660

Name of the Vulnerable Software and Affected Versions Ray Enterprise Translation versions 0.0.0 through 4.0.4 Ray Enterprise Translation versions 4.1.0 through 4.1.4 Ray Enterprise Translation versions 11.0.0 through 11.0.4 Description Cross-Site Request Forgery CSRF occurs when a module fails to...

6.1AI score0.00119EPSS
Exploits0References3
NVD
NVD
added last week7 views

CVE-2026-55076

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string...

7.4CVSS0.00479EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-58371

A flaw was found in SeaweedFS. This vulnerability allows a remote attacker to disclose sensitive information by exploiting an unvalidated JSONP JavaScript Object Notation with Padding callback parameter. The system reflects the callback parameter directly into responses without proper validation ...

3.1CVSS5.8AI score0.0021EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 9:53 p.m.2 views

CVE-2026-43928 FOSSBilling: Payment amount not validated in PayPalEmail adapter allows invoice underpayment

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 8:53 p.m.36 views

CVE-2026-42341 FOSSBilling has an unauthenticated payment bypass via IPN callback forgery

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS0.00184EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:53 p.m.5 views

CVE-2026-42341

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS6AI score0.00184EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 8:53 p.m.3 views

CVE-2026-42341 FOSSBilling has an unauthenticated payment bypass via IPN callback forgery

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS6AI score0.00184EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 8:36 p.m.5 views

EUVD-2026-41941

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score0.00153EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:36 p.m.4 views

CVE-2026-59713

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score0.00153EPSS
Exploits0References5
CVE
CVE
added 2026/07/06 8:36 p.m.12 views

CVE-2026-59713

CVE-2026-59713 (Leantime) describes an OIDC login CSRF vulnerability in the verifyState() method, where the function unconditionally returns true without validating state parameters. This allows attackers to craft malicious callback URLs with attacker-controlled authorization codes to perform ses...

8.6CVSS6AI score0.00153EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/06 7:19 p.m.4 views

CVE-2026-9547

A flaw was found in curl. When a libcurl-based application uses SCP:// or SFTP:// for transfers and employs the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This occurs if the server's host key type differs from the one stored in the knownhosts file. The callback...

7.4CVSS5.8AI score0.00508EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56010

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.0 through 0.7.2 Description An unauthenticated payment bypass exists in the IPN callback endpoint /ipn.php. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit the...

9.2CVSS6.1AI score0.00184EPSS
Exploits0References5
CVE
CVE
added 2026/07/04 5:52 p.m.20 views

CVE-2026-12746

CVE-2026-12746 affects Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 (Perl). The underlying issue is that the OAuth 2.0 state parameter is not supported, causing the authentication_url to redirect without a state value and the callback to process the response without binding it to t...

8.1CVSS5.9AI score0.00186EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the OAuth sign-in callback process. An attacker can regain access to accounts that have been disabled by an administrator by initiating an OAuth sign-in, resulting in unauthorized re-enablement of those account...

9.8CVSS6AI score0.00343EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.7 views

CVE-2026-58422

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts...

9.8CVSS0.00343EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.9 views

CVE-2026-58422

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts...

5.9AI score0.00343EPSS
Exploits0References5
Rows per page
Query Builder