
451112 matches found

EUVD
added 6 days ago | 6 views

EUVD-2026-38360

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-controlled redirect_uri. The...

CVSS 5.4 | AI score 6 | EPSS 0.0016
Exploits: 1 | References: 2
CVE
added 6 days ago | 25 views

CVE-2026-41479

Authlib’s OAuth 2.0 authorization endpoint is vulnerable to an unauthenticated open redirect when an unsupported response_type is requested and an attacker-controlled redirect_uri is supplied. This occurs before client lookup and any redirect_uri validation, allowing a single request to yield a 30...

CVSS 5.4 | AI score 6 | EPSS 0.0016
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 6 days ago | 4 views

CVE-2026-41479 Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-controlled redirect_uri. The...

CVSS 5.4 | AI score 6 | EPSS 0.0016
Exploits: 1 | References: 2
ATTACKERKB
added 6 days ago | 4 views

CVE-2026-41479

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-controlled redirect_uri. The...

CVSS 5.4 | AI score 6 | EPSS 0.0016
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 6 days ago | 23 views

CVE-2026-41479 Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-controlled redirect_uri. The...

CVSS 5.4 | EPSS 0.0016
Exploits: 1 | References: 2
Snyk
added 6 days ago | 2 views

Directory Traversal

Overview github.com/containers/buildah/imagebuildah is a tool that facilitates building OCI images. Affected versions of this package are vulnerable to Directory Traversal in the processing of build contexts or when handling add or copy instructions. An attacker can access files outside of the...

CVSS 8.2 | AI score 6.5
Exploits: 0 | References: 2
Snyk
added 6 days ago | 5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the processing of build contexts or when handling add or copy instructions. An attacker can access files outside of the intended build context by serving a malicious Git repository or tar archive, potentially...

CVSS 8.2 | AI score 6.5
Exploits: 0 | References: 2
Snyk
added 6 days ago | 5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the processing of build contexts or when handling add or copy instructions. An attacker can access files outside of the intended build context by serving a malicious Git repository or tar archive, potentially...

CVSS 8.2 | AI score 6.5
Exploits: 0 | References: 2
Snyk
added 6 days ago | 4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the processing of build contexts or when handling add or copy instructions. An attacker can access files outside of the intended build context by serving a malicious Git repository or tar archive, potentially...

CVSS 8.2 | AI score 6.5
Exploits: 0 | References: 2
Snyk
added 6 days ago | 4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the processing of build contexts or when handling add or copy instructions. An attacker can access files outside of the intended build context by serving a malicious Git repository or tar archive, potentially...

CVSS 8.2 | AI score 6.5
Exploits: 0 | References: 2
Snyk
added 6 days ago | 5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the processing of build contexts or when handling add or copy instructions. An attacker can access files outside of the intended build context by serving a malicious Git repository or tar archive, potentially...

CVSS 8.2 | AI score 6.5
Exploits: 0 | References: 2
Snyk
added 6 days ago | 5 views

Directory Traversal

Overview go.podman.io/buildah/imagebuildah is a tool that facilitates building OCI images. Affected versions of this package are vulnerable to Directory Traversal in the processing of build contexts or when handling add or copy instructions. An attacker can access files outside of the intended...

CVSS 8.2 | AI score 6.5
Exploits: 0 | References: 2
Snyk
added 6 days ago | 5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the processing of build contexts or when handling add or copy instructions. An attacker can access files outside of the intended build context by serving a malicious Git repository or tar archive, potentially...

CVSS 8.2 | AI score 6.5
Exploits: 0 | References: 2
Snyk
added 6 days ago | 4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the processing of build contexts or when handling add or copy instructions. An attacker can access files outside of the intended build context by serving a malicious Git repository or tar archive, potentially...

CVSS 8.2 | AI score 6.5
Exploits: 0 | References: 2
Snyk
added 6 days ago | 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the processing of build contexts or when handling add or copy instructions. An attacker can access files outside of the intended build context by serving a malicious Git repository or tar archive, potentially...

CVSS 8.2 | AI score 6.5
Exploits: 0 | References: 2
OSV
added 6 days ago | 10 views

GHSA-XJVP-4FHW-GC47 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

Impact When setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allows an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names a...

CVSS 4.8 | AI score 5.7 | EPSS 0.00011
Exploits: 0 | References: 2
Github Security Blog
added 6 days ago | 5 views

runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

Impact When setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allows an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names a...

AI score 5.7 | EPSS 0.00011
Exploits: 0 | References: 2 | Affected Software: 1
Snyk
added 6 days ago | 2 views

Insufficient Verification of Data Authenticity

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webhook.php process. An attacker can manipulate wallet balances and gain unauthorized access to premium...

CVSS 7.1 | AI score 5.9
Exploits: 0 | References: 2
OSV
added 6 days ago | 2 views

GHSA-95JH-7R58-XMXW AVideo has an Authorize.Net Webhook Signature Bypass that Enables Wallet Balance Inflation via Forged Payment Data

Summary The Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying a valid transaction ID from a small legitimate purchase, the...

CVSS 6.5 | AI score 6.2
Exploits: 0 | References: 3
Github Security Blog
added 6 days ago | 7 views

AVideo has an Authorize.Net Webhook Signature Bypass that Enables Wallet Balance Inflation via Forged Payment Data

Summary The Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying a valid transaction ID from a small legitimate purchase, the...

AI score 6.2
Exploits: 0 | References: 3 | Affected Software: 1