Lucene search

6 matches found

Tenable Nessus
added 2026/03/04 12:0 a.m. | 3 views

Plone <= 6.0.5 Cross-Frame Scripting (CVE-2024-0669)

The detected version of the Python package plone is version 6.0.5 or prior. It is, therefore, affected by a cross-frame scripting vulnerability. A remote attacker can exploit this via cross-frame scripting to trick a user into opening an invisible iframe to collect credentials or keystrokes. Note th...

CVSS 7.1 | AI score 7.1 | EPSS 0.0005
Exploits 0 | References 2
Huntr
added 2021/10/06 6:3 a.m. | 20 views

in chevereto/chevereto-free

Clickjacking is a portmanteau of two words, ‘click’ and ‘hijacking’. It refers to hijacking a user’s click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in the attacker’s own website and overlays it with objects such as buttons using CSS skills. This tricks...

AI score 1.3
Exploits 0
The Hacker News
added 2018/07/04 8:10 a.m. | 62 views

CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites

Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites. Coinhive is a popular browser-based service that offers website owners...

AI score 0.9
Exploits 0
The Hacker News
added 2018/04/21 1:59 p.m. | 1 view

Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data

Not just Facebook, a new vulnerability discovered in LinkedIn's popular AutoFill functionality has been found leaking its users' sensitive information to third-party websites without the user even knowing about it. LinkedIn has provided an AutoFill plugin for a long time that other websites can use to let...

AI score 6.6
Exploits 0
exploitpack
added 2015/09/25 12:0 a.m. | 42 views

X2Engine 4.2 - Cross-Site Request Forgery

X2Engine 4.2 - Cross-Site Request Forgery Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to...

CVSS 6.8 | AI score 0.9 | EPSS 0.00966
Exploits 4
securityvulns
added 2007/07/15 12:0 a.m. | 44 views

Session Riding and multiple XSS in WebCit

Vendor contacted: 2007-06-24 Affects: Webcit 7.11 Fixed: 2007-07-06 WebCit 7.11 1. Background WebCit is the webfrontend to administer and use Citadel, which is an open-source groupware server. 2. Session Riding 2.I. Problem Description It is possible for an attacker to execute actions in the name...

AI score 7.2
Exploits 0