Lucene search
K

5 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-41941

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score
Exploits0References4
Snyk
Snyk
added 2025/12/09 12:0 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview fastapi-sso is a FastAPI plugin to enable SSO to most common providers such as Facebook login, Google login and login via Microsoft Office 365 Account Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper validation of the OAuth state...

6.9CVSS7AI score0.00311EPSS
Exploits0References3
Veracode
Veracode
added 2024/05/17 3:42 a.m.7 views

Cross Site Scripting (XSS)

friendsofsymfony/rest-bundle is vulnerable to Cross Site Scripting XSS. The vulnerability is due to incorrect jsonp validation due to sanitizing the callback query param name rather than its value, which allows potentially malicious callback values to be processed, leading to Cross Site Scriping...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2017/10/18 5:59 p.m.28 views

Inflection: Malicious callback url can be set while creating application in identity

Researcher found that while creating any application in identity, you are required to provide callback url. If you provide a malicious callback url then javascript will stop you from submitting form. But their is no server side validation and we can use an application proxy to bypass the javascri...

1AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2010/01/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2008-2042

The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function...

9.3CVSS6.4AI score0.05014EPSS
Exploits0References1
Rows per page
Query Builder