Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Github Security Blog
Github Security Blogadded 2023/10/17 2:20 p.m.20 views

Cross-site Scripting via missing Binding syntax validation

Impact The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting XSS in the IdP contex...

7.1CVSS6AI score0.00285EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2023/10/17 2:20 p.m.15 views

GHSA-267V-3V32-G6Q5 Cross-site Scripting via missing Binding syntax validation

Impact The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting XSS in the IdP contex...

7.1CVSS6AI score0.00285EPSS
Exploits0References4
GithubExploit
GithubExploitadded 2022/10/31 1:24 p.m.817 views

Exploit for Improper Verification of Cryptographic Signature in Passport-Saml_Project Passport-Saml

Exploiting CVE-2022-39299 Signature bypass via multiple ro...

8.1CVSS8.4AI score0.04646EPSS
Exploits1
Github Security Blog
Github Security Blogadded 2022/08/18 6:55 p.m.24 views

apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page

Impact The default landing page contained HTML to display a sample curl command which is made visible if the full landing page bundle could not be fetched from Apollo's CDN. The server's URL is directly interpolated into this command inside the browser from window.location.href. On some older...

0.3AI score
Exploits0References3Affected Software1
0day.today
0day.todayadded 2020/02/04 12:0 a.m.162 views

F-Secure Internet Gatekeeper 5.40 - Heap Overflow Exploit

Exploit for linux platform in category web applications Title: F-Secure Internet Gatekeeper 5.40 - Heap Overflow PoC Author: Kevin Joensen Vendor: F-Secure Software: https://www.f-secure.com/en/business/downloads/internet-gatekeeper CVE: N/A Reference:...

0.1AI score
Exploits0
Kitploit
Kitploitadded 2019/02/02 8:45 p.m.246 views

Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper...

7.3AI score
Exploits0References5
seebug.org
seebug.orgadded 2017/09/28 12:0 a.m.25 views

Apache Commons Jelly connects to url with certain custom doctype definitions.

Severity: Medium Vendor: The Apache Software Foundation Versions Affected: commons-jelly-1.0 core, namely commons-jelly-1.0.jar Description: During jelly xml file parsing with xerces, if a custom doctype entity is declared with a ?SYSTEM? entity with a url and that entity is used in the body of t...

6.5AI score
Exploits0
Rows per page
Query Builder