28 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-30795

Malware in sbrugna...

CVSS 6.1 · AI score 6.4 · EPSS 0.00161
Exploits: 1 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-30796

Malware in sbrugna...

CVSS 6.1 · AI score 6.4 · EPSS 0.00194
Exploits: 1 · References: 2

RedhatCVE
added 2025/05/23 8:55 a.m. · 1 view

CVE-2024-29210

A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...

CVSS 6 · AI score 7 · EPSS 0.00271
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/25 9:19 p.m. · 5 views

CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...

CVSS 6.1 · AI score 6.8 · EPSS 0.00194
Exploits: 1

RedhatCVE
added 2025/04/25 9:19 p.m. · 3 views

CVE-2020-36845

The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL...

CVSS 6.1 · AI score 7 · EPSS 0.00161
Exploits: 1

NVD
added 2025/04/20 10:15 p.m. · 14 views

CVE-2020-36845

The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL...

CVSS 6.1 · EPSS 0.00161
Exploits: 1 · References: 1

OSV
added 2025/04/20 10:15 p.m. · 0 views

CVE-2020-36845

The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 1

OSV
added 2025/04/20 10:15 p.m. · 0 views

CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2025/04/20 12:0 a.m. · 2 views

KnowBe4 Security Awareness Training Security Vulnerability

KnowBe4 Security Awareness Training is a human risk management software from KnowBe4. A security vulnerability exists in KnowBe4 Security Awareness Training versions prior to 2020-01-10 that stems from vulnerability to reflective cross-site scripting attacks...

CVSS 6.1 · AI score 6 · EPSS 0.00194
Exploits: 1 · References: 1

CVE
added 2025/04/20 12:0 a.m. · 51 views

CVE-2020-36844

KnowBe4 Security Awareness Training is affected by CVE-2020-36844, a reflected XSS in versions before 2020-01-10. The vulnerability arises from a response SCRIPT element that sets window.location.href to a JavaScript URL, enabling an attacker-controlled script reflected in the page. The CVSS base...

CVSS 6.1 · AI score 6.8 · EPSS 0.00194
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2025/04/20 12:0 a.m. · 6 views

CVE-2020-36845

The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL...

CVSS 5.3 · EPSS 0.00161
Exploits: 1 · References: 1

Vulnrichment
added 2025/04/20 12:0 a.m. · 5 views

CVE-2020-36845

The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL...

CVSS 5.3 · AI score 7 · EPSS 0.00161
Exploits: 1 · References: 1

Positive Technologies
added 2025/04/20 12:0 a.m. · 1 view

PT-2025-17416 · Knowbe4 · Knowbe4 Security Awareness Training

Name of the Vulnerable Software and Affected Versions: KnowBe4 Security Awareness Training versions prior to 2020-01-10 Description: The issue concerns a redirect function in the application that fails to validate the destination URL before redirecting. This allows the response to contain a SCRIP...

CVSS 6.1 · AI score 6.5 · EPSS 0.00161
Exploits: 1 · References: 7

CVE
added 2025/04/20 12:0 a.m. · 49 views

CVE-2020-36845

The CVE-2020-36845 entry concerns KnowBe4 Security Awareness Training prior to 2020-01-10. A redirect function does not validate the destination URL, and the HTTP response contains a SCRIPT element that sets window.location.href to an arbitrary https URL, enabling an insecure redirect. Affected p...

CVSS 6.1 · AI score 7 · EPSS 0.00161
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2025/04/20 12:0 a.m. · 7 views

CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...

CVSS 6.1 · EPSS 0.00194
Exploits: 1 · References: 1

CNNVD
added 2025/04/20 12:0 a.m. · 2 views

KnowBe4 Security Awareness Training Security Vulnerability

KnowBe4 Security Awareness Training is a human risk management software from KnowBe4. A security vulnerability exists in KnowBe4 Security Awareness Training versions prior to 2020-01-10, which stems from an unvalidated target URL resulting in an insecure redirection feature...

CVSS 6.1 · AI score 6.6 · EPSS 0.00161
Exploits: 1 · References: 1

Vulnrichment
added 2025/04/20 12:0 a.m. · 6 views

CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...

CVSS 6.1 · AI score 6.8 · EPSS 0.00194
Exploits: 1 · References: 1

Positive Technologies
added 2025/04/20 12:0 a.m. · 2 views

PT-2025-17417 · Knowbe4 · Knowbe4 Security Awareness Training

Name of the Vulnerable Software and Affected Versions: KnowBe4 Security Awareness Training versions prior to 2020-01-10 Description: The issue allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL. Recommendations: For versions prior to...

CVSS 6.1 · AI score 6.3 · EPSS 0.00194
Exploits: 1 · References: 8

Pen Test Partners Blog
added 2024/08/02 5:30 a.m. · 41 views

KnowBe4 RCE and LPE

Introduction: Our latest investigation has uncovered significant security flaws in three KnowBe4 applications: Phish Alert Button, PasswordIQ, and Second Chance. These applications, commonly used in security awareness and training, were found to have vulnerabilities allowing remote command executi...

CVSS 6 · AI score 8.6 · EPSS 0.00271
Exploits: 0

HackRead
added 2024/07/25 12:39 a.m. · 10 views

Cybersecurity Firm KnowBe4 Tricked into Hiring North Korean Hacker as IT Pro

Cybersecurity firm KnowBe4 was tricked by a North Korean hacker posing as an IT worker whose next step…...

AI score 7.3
Exploits: 0