8 matches found

Snyk
added 2026/03/31 10:32 p.m. · 4 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview: fastmcp is the fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') in the OAuthProxy._handle_idp_callback function. An attacker can gain unauthorized access to resources associated with...

CVSS 9.3 · AI score 6 · EPSS 0.00063
Exploits: 1 · References: 2

RedhatCVE
added 2026/03/26 11:03 p.m. · 0 views

CVE-2026-33720

n8n is an open source workflow automation platform. Prior to version 2.8.0, when the N8N_SKIP_AUTH_ON_OAUTH_CALLBACK environment variable is set to true, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an...

CVSS 6.3 · AI score 5.8 · EPSS 0.00014
Exploits: 0 · References: 1

CNNVD
added 2026/01/13 12:00 a.m. · 1 view

Cal.com Security Vulnerability

Cal.com is an open source scheduling software from Cal.com Open Source. A security vulnerability exists in Cal.com versions from 3.1.6 up to, but not including, 6.0.7. It stems from a flaw in the custom NextAuth JWT callback that could allow an attacker to gain full authentication access to any user account...

CVSS 10 · AI score 6 · EPSS 0.0014
Exploits: 1 · References: 2

Vulnrichment
added 2025/12/19 5:00 a.m. · 2 views

CVE-2025-14546

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to...

CVSS 6.9 · AI score 6.5 · EPSS 0.00097
Exploits: 0 · References: 3

Positive Technologies
added 2025/08/15 12:00 a.m. · 3 views

PT-2025-33489 · Firebird · Firebird

Name of the Vulnerable Software and Affected Versions:
Firebird versions prior to 4.0.6.3183
Firebird versions prior to 5.0.2.1610
Firebird versions prior to 6.0.0.609
Description: Firebird is a relational database. If the ExtConnPoolSize parameter is not set to 0, a server process segfault may...

CVSS 8.8 · AI score 6.4 · EPSS 0.00138
Exploits: 1 · References: 12

CVE
added 2019/05/06 4:47 p.m. · 32 views

CVE-2019-5431

Twitter Kit for iOS versions 3.0–3.4.0 is affected by a callback verification flaw in the Login with Twitter component. The root cause is an incomplete validation of the authentication response sent via the registered custom URL scheme, allowing an attacker to forge the final step of the login fl...

CVSS 5.5 · AI score 5.1 · EPSS 0.00076
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2019/02/04 7:29 p.m. · 2 views

UBUNTU-CVE-2019-7346

A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful...

CVSS 8.8 · AI score 7.3 · EPSS 0.00141
Exploits: 1 · References: 3

Kitploit
added 2013/03/15 12:40 p.m. · 16 views

[SCIP] Identify, Enumerate & Execute Invisible ASP.net Controls

SCIP is an OWASP ZAP extension designed to assess the security of ASP.net and Mono applications, while abusing platform specific behaviors and misconfigurations. The extension currently supports the following features: Identify the existence of invisible, commented and disabled server side web...

AI score 7.3
Exploits: 0