Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-54444

Name of the Vulnerable Software and Affected Versions probod versions prior to 0.194.1 Description The saferedirect package in go.probo.inc/probo fails to properly validate redirect URLs used in authentication flows, such as OIDC, SAML, session transfer, OAuth connectors, and trust-center magic...

4.7CVSS6AI score
Exploits0References5
Cvelist
Cvelist
added 2026/04/08 6:26 p.m.27 views

CVE-2026-35400 LORIS incorrectly trusts user input in publication module

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...

3.5CVSS0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/17 12:30 p.m.7 views

EUVD-2026-12558

Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

7.5CVSS5.8AI score0.00677EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2026/02/02 1:45 p.m.6 views

Scam-checking just got easier: Malwarebytes is now in ChatGPT

If you’ve ever stared at a suspicious text, email, or link and thought “Is this a scam… or am I overthinking it?” Well, you’re not alone. Scams are getting harder to spot, and even savvy internet users get caught off guard. That’s why Malwarebytes is the first cybersecurity provider available...

5.3AI score
Exploits0
NVD
NVD
added 2026/01/21 10:15 p.m.15 views

CVE-2026-23499

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

8.5CVSS0.00228EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-42333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to...

8.6CVSS6.8AI score0.01189EPSS
Exploits0References2
CVE
CVE
added 2025/03/18 12:0 a.m.38 views

CVE-2025-30140

CVE-2025-30140 concerns G-Net Dashcam BB GONX devices where an internal domain uses an unregistered public domain name. This creates a risk that an attacker could register that domain and, if the device resolves it publicly, could intercept traffic and enable data exfiltration or a man‑in‑the‑mid...

7.5CVSS6.4AI score0.00334EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2020/08/06 12:15 a.m.16 views

Acronis: Subdomain Takeover – jet.acronis.com pointing to unclaimed Webflow services

Hi Team, Greetings! I've come across jet.acronis.com of acronis.com pointing to an unclaimed Webflow service. Visiting the jet.acronis.com returned the default 404 page for Webflow service, thereby making it potential for subdomain takeover. F937948 jet.acronis.com CNAME pointed to...

7.5AI score
Exploits0
Rows per page
Query Builder