Lucene search

108 matches found

CVE
added 2020/07/17 3:27 p.m. | 155 views

CVE-2020-14001

The vulnerability CVE-2020-14001 affects the kramdown Ruby gem prior to 2.3.0, where the template option is processed by default in Kramdown documents. This can allow unintended read access (e.g., template="/etc/passwd") or unintended embedded Ruby code execution (e.g., template="string://<%= ...

CVSS 9.8 | AI score 9.3 | EPSS 0.07509
Exploits 0 | References 13 | Affected Software 1
AlpineLinux
added 2020/07/17 3:27 p.m. | 48 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits 0
RubySec
added 2020/06/28 12:0 a.m. | 18 views

Unintended read access in kramdown gem

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

CVSS 9.8 | AI score 2.6 | EPSS 0.07509
Exploits 0 | References 1 | Affected Software 1
Hacker One
added 2020/03/09 2:16 a.m. | 54 views

Mail.ru: [staging.tarantool.org] Github Pages Subdomain-take-over

Unused staging.tarantool.org subdomain was delegated to github pages and was not claimed...

AI score 1.5
Exploits 0
Hacker One
added 2018/07/18 9:14 a.m. | 75 views

Augur: Subdomain takeover on slack.augur.net pointing to GitHub Pages

Summary The slack.augur.net record wasn't removed from the DNS after the migration to Discord invite.augur.net and was pointing to a non-existent page on GitHub Pages. So a subdomain takeover was possible and a proof-of-concept has been done to confirm this. Description Searching for subdomains o...

AI score 0.1
Exploits 0
CNVD
added 2018/06/04 12:0 a.m. | 2 views

gh-pages design flaws

gh-pages is a tool that enables you to deploy projects to Github pages using Grunt. A security vulnerability exists in gh-pages versions prior to 0.9.1. An attacker can exploit the vulnerability to write unencrypted github credentials to a log file...

CVSS 8.6 | AI score 6.8 | EPSS 0.003
Exploits 0 | References 1
Hacker One
added 2018/03/04 12:44 a.m. | 36 views

X (Formerly Twitter): Takeover of Twitter-owned domain at mobileapplinking.com

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: Not sure there is much of a...

AI score 6.6
Exploits 0
Jake Archibald's Blog
added 2016/08/04 8:57 a.m. | 8 views

Service worker meeting notes

On July 28th-29th we met up in the Mozilla offices in Toronto to discuss the core service worker spec. I'll try and cover the headlines here. Before I get stuck in to the meaty bits of the meeting, our intent here is to do what's best for developers and the future of the web, so if you disagree...

AI score 6.4
Exploits 0