
7 matches found

Snyk
added 2026/03/09 5:24 p.m., 0 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via improper validation of the redirecturi parameter. An attacker can intercept authorization codes by crafting a malicious authorization link that leverages userinfo/host confusion, causing the code to be sent to an...

CVSS 7.1 · AI score 5.8 · EPSS 0.00017
Exploits 0 · References 2
Veracode
added 2025/04/16 3:05 a.m., 5 views

Server Side Request Forgery (SSRF)

LNbits is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of callback URLs in the LNURL authentication handling functionality, allowing attackers to access internal resources by specifying internal network addresses...

CVSS 9.3 · AI score 6.9 · EPSS 0.00087
Exploits 2 · References 4 · Affected Software 1
Snyk
added 2023/04/24 6:31 a.m., 1 view

Insufficiently Protected Credentials

Overview expo is an umbrella package that contains the client-side code for accessing system functionality such as contacts, camera, and location in Expo apps. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Expo AuthSession Redirect Proxy process...

CVSS 9.6 · AI score 9.3 · EPSS 0.00833
Exploits 0 · References 2
Veracode
added 2022/05/10 6:13 a.m., 18 views

Cross-site Scripting (XSS)

org.wso2.carbon.identity.mgt.endpoint.util is vulnerable to cross-site scripting. The vulnerability exists due to the lack of regular expression validation in the localVarPath parameter in the recover function of PasswordRecoveryApiV1.java, allowing an attacker to inject and execute malicious...

CVSS 6.1 · AI score 6 · EPSS 0.00668
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2022/03/29 12:00 a.m., 1 view

Jenkins Bitbucket Server Integration Plugin cross-site scripting vulnerability

Jenkins is an open source automation server, and Jenkins Plugins are the hundreds of plugins that extend it to support building, deploying, and automating any project. Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier versions are...

CVSS 5.4 · AI score 5.7 · EPSS 0.00205
Exploits 0 · References 5
Positive Technologies
added 2022/03/29 12:00 a.m., 2 views

PT-2022-18831 · Jenkins · Jenkins Bitbucket Server Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Server Integration Plugin versions 3.1.0 and earlier. Description: The issue results from the plugin not limiting URL schemes for callback URLs on OAuth consumers, leading to a stored cross-site scripting (XSS) vulnerability...

CVSS 5.4 · AI score 5.1 · EPSS 0.00205
Exploits 0 · References 8
Hacker One
added 2015/03/22 4:26 p.m., 62 views

Coinbase: Blacklist bypass on Callback URLs

In bug 47368, I was able to reach private IP addresses via the "Test Now" button of the "Callback URL" feature. Exploiting this flaw allowed me to reach the metadata server of your outbound proxy which is, afaik, maintained by Proximo. A comment by aianus states that callbacks are now restricted...

AI score 6.9
Exploits 0
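The results above share one root cause: a callback or redirect URL taken from the request and checked by string matching (a prefix, a blacklist, or nothing at all). The Python below is an added example, not code from Snyk, Veracode, LNbits, Jenkins or Coinbase, and shows the two checks a practitioner would write instead: exact matching of an OAuth redirect URI against registered values, which defeats the userinfo/host confusion in the first result, and resolve-then-check validation of a user-chosen webhook URL, which covers the internal-address and metadata-server reach in the LNbits and Coinbase results and the unrestricted scheme in the Jenkins plugin results. The registered URI, every hostname and address, and the FAKE_DNS table are constructed assumptions for the example.

```python
"""Validating attacker-supplied callback and redirect URLs (added example).

validate_redirect_uri  - OAuth redirect_uri: exact match against registered URIs.
validate_callback_url  - user-chosen webhook URL: resolve, then refuse private,
                         loopback, link-local (cloud metadata), IPv4-mapped and
                         other non-routable addresses; return the vetted addresses.
All names, addresses and the FAKE_DNS table are constructed for this example.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed: the redirect URI a hypothetical OAuth client registered.
REGISTERED_REDIRECT_URIS = {"https://app.example.com/oauth/callback"}

# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {
    "hooks.partner.example": ["93.184.216.34"],
    "intranet.corp.example": ["10.0.0.5"],
    "metadata.google.internal": ["169.254.169.254"],
}

DEFAULT_PORTS = {"https": 443, "http": 80}


def fake_resolver(host):
    """Return the address records for host, or None if it does not resolve."""
    return FAKE_DNS.get(host)


def _parse(url):
    """Split url, rejecting shapes that make a string check see a different host
    than the client will contact. Returns (parts, None) or (None, reason)."""
    if "\\" in url:                      # browsers treat '\' as '/', urlsplit does not
        return None, "backslash in URL"
    try:
        parts = urlsplit(url)
        parts.port                       # raises ValueError on a malformed port
    except ValueError as exc:
        return None, f"unparseable URL: {exc}"
    if not parts.scheme or not parts.netloc:
        return None, "not an absolute URL"
    if "@" in parts.netloc:              # https://app.example.com@evil.example/
        return None, "userinfo in authority"
    return parts, None


def _canonical(parts):
    """scheme://host[:port]path[?query] with the scheme's default port dropped."""
    out = f"{parts.scheme}://{parts.hostname}"
    if parts.port is not None and parts.port != DEFAULT_PORTS.get(parts.scheme):
        out += f":{parts.port}"
    out += parts.path or "/"
    if parts.query:
        out += "?" + parts.query
    return out


def validate_redirect_uri(uri, registered=REGISTERED_REDIRECT_URIS):
    """Accept only an exact, pre-registered https redirect URI. Returns (ok, detail)."""
    parts, err = _parse(uri)
    if err:
        return False, err
    if parts.scheme != "https":          # also rejects javascript:, data:, custom schemes
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.fragment:                   # RFC 6749 forbids fragments in redirect_uri
        return False, "fragment not allowed"
    canonical = _canonical(parts)
    if canonical not in registered:      # exact match: no prefix or substring matching
        return False, f"{canonical} is not a registered redirect URI"
    return True, canonical


def _is_internal(ip):
    """True for any address a server-side callback must never reach."""
    if ip.version == 6 and ip.ipv4_mapped is not None:   # ::ffff:127.0.0.1 -> 127.0.0.1
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_callback_url(url, resolver=fake_resolver):
    """Vet a user-chosen webhook URL. Returns (True, [addresses]) for the caller to
    connect to directly (avoids a DNS-rebinding race), or (False, reason)."""
    parts, err = _parse(url)
    if err:
        return False, err
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    try:                                 # literal address, including [v6] forms
        addrs = [ipaddress.ip_address(host)]
    except ValueError:                   # a name; decimal/octal tricks such as
        records = resolver(host)         # 2130706433 simply fail to resolve here
        if not records:
            return False, f"{host!r} does not resolve"
        addrs = [ipaddress.ip_address(r) for r in records]
    bad = [str(a) for a in addrs if _is_internal(a)]
    if bad:
        return False, f"resolves to internal address(es) {bad}"
    return True, [str(a) for a in addrs]
```

Two points the code relies on the caller for: connect to the addresses it returns rather than re-resolving the name, and either disable HTTP redirects when delivering the callback or run validate_callback_url again on every hop, since a public host that answers with a 302 to 169.254.169.254 is the classic bypass of a check done only on the first URL. Note also that Python's ipaddress marks the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) as private, which is why the constructed public address above is not drawn from them.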