5 matches found

NVD
added 2023/03/01 5:15 p.m., 23 views

CVE-2023-0460

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s...

CVSS 7.3, AI score 6.2, EPSS 0.00018
Exploits: 0, References: 1
OSV
added 2023/03/01 5:15 p.m., 0 views

CVE-2023-0460

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s...

CVSS 7.3, AI score 7.3, EPSS 0.00018
Exploits: 0, References: 1
Prion
added 2023/03/01 5:15 p.m., 14 views

Design/Logic Flaw

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s...

CVSS 4.1, AI score 7.3, EPSS 0.00018
Exploits: 0, References: 1, Affected Software: 1
Hacker One
added 2018/10/10 9:31 a.m., 7 views

Shopify: H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing

Hi Team! I'm reporting a rather unusual DOMXSS that allows an attacker to perform a XSS attack on any Shopify apps that use the Embedded SDK. To exploit this, several techniques were chained together: Cookie Stuffing - Login CSRF - Not Open Redirect - DOMXSS. Details Inspired by 381192, I decided...

AI score 6.2
Exploits: 0
CNVD
added 2017/08/25 12:00 a.m., 0 views

Xiaoming probe test Ali cloud OSS credentials have information leakage vulnerability

Xiaoming tan exam app is a mobile learning application. Xiaoming Tangkao Ali Cloud OSS credentials have an information leakage vulnerability. The vulnerability is caused by credential leakage: the app uses the SDK with the accessKeyId, accessKeySecret and endpoint built into the mobile app. An...

AI score 6.9
Exploits: 0