Lucene search
K

101 matches found

CVE
CVE
added 2026/04/06 2:51 p.m.13 views

CVE-2026-33510

Homarr (open-source dashboard) contains a DOM-based XSS in the /auth/login flow prior to version 1.57.0. The app trusts a URL parameter (callbackUrl) that is passed to redirect and router.push, enabling an attacker with an authenticated user to craft a malicious link that performs a client-side r...

8.8CVSS5.9AI score0.00234EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/04/06 2:51 p.m.6 views

EUVD-2026-19287

Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting XSS vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter callbackUrl, which is passed to redirect and router.push. An attacker can craft a malicious...

8.8CVSS5.9AI score0.00234EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.12 views

PT-2026-30629

Name of the Vulnerable Software and Affected Versions Homarr versions prior to 1.57.0 Description Homarr is an open-source dashboard. A DOM-based Cross-Site Scripting XSS issue exists in the /auth/login page. The application improperly trusts the callbackUrl URL parameter, which is used in redire...

8.8CVSS6.1AI score0.00234EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.7 views

CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

4.1CVSS5.9AI score0.00249EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.7 views

CVE-2026-33506

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting XSS vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8CVSS6AI score0.00428EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 9:17 p.m.4 views

CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

5.5CVSS0.00249EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/26 8:34 p.m.30 views

CVE-2026-33619 PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

4.1CVSS0.00249EPSS
Exploits1References3
OSV
OSV
added 2026/03/26 8:34 p.m.4 views

CVE-2026-33619 PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

4.1CVSS6.3AI score0.00249EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:34 p.m.3 views

CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

4.1CVSS5.8AI score0.00249EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/26 8:34 p.m.14 views

CVE-2026-33619

PinchTab v0.8.3 exposes an unauthenticated blind SSRF via the scheduler’s webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the scheduler issues an outbound POST to that URL at terminal state. The webhook path only validated the URL scheme, failing...

5.5CVSS5.8AI score0.00249EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 8:34 p.m.2 views

CVE-2026-33619 PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

4.1CVSS5.9AI score0.00249EPSS
Exploits1References3
NVD
NVD
added 2026/03/26 7:17 p.m.8 views

CVE-2026-33506

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting XSS vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8CVSS0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/03/26 6:48 p.m.12 views

CVE-2026-33506 DOM-Based XSS in Ory Polis Login Page

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting XSS vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8CVSS6AI score0.00428EPSS
Exploits1References4
CVE
CVE
added 2026/03/26 6:48 p.m.12 views

CVE-2026-33506

Ory Polis (formerly BoxyHQ Jackson) contains a DOM-based XSS in its login flow prior to version 26.2.0 . The vulnerability stems from trusting a URL parameter callbackUrl that is passed to router.push, allowing an attacker to lure a user into opening a malicious link, which triggers a client-side...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/26 6:48 p.m.9 views

EUVD-2026-16320

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting XSS vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 6:48 p.m.6 views

CVE-2026-33506

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting XSS vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 6:48 p.m.5 views

CVE-2026-33506 DOM-Based XSS in Ory Polis Login Page

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting XSS vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28487

Name of the Vulnerable Software and Affected Versions Ory Polis versions prior to 26.2.0 Description Ory Polis, previously known as BoxyHQ Jackson, functions as a bridge or proxy for a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 are susceptible to a DOM-based Cross-Si...

8.8CVSS6.2AI score0.00428EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-28512

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirecturi values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a...

7.1CVSS5.9AI score0.00204EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/24 7:32 p.m.14 views

PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl

Summary PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3 scheduler sends an outbound HTTP POST to that URL when the task reaches a terminal state. ...

5.5CVSS5.9AI score0.00249EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder