7 matches found

Prion
added 2023/03/01 5:15 p.m., 14 views

Design/Logic Flaw

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags `Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY`. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s...

4.1 CVSS | 7.3 AI score | 0.00018 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2020/07/22 12:13 p.m., 1 view

openstack-keystone: Credentials endpoint policy logic allows changing credential owner and target project ID

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any authenticated user to create an EC2 credential for themselves for a project in which they have a specified role, and then perform an update to the credential user and project, allowing them to masquerade as another user...

8.8 CVSS | 7.1 AI score | 0.03566 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2020/06/24 12:43 p.m., 1 view

openstack-keystone: Credentials endpoint policy logic allows changing credential owner and target project ID

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any authenticated user to create an EC2 credential for themselves for a project in which they have a specified role, and then perform an update to the credential user and project, allowing them to masquerade as another user...

8.8 CVSS | 7.1 AI score | 0.03566 EPSS
Exploits: 0 | References: 5
CNVD
added 2018/06/04 12:00 a.m., 1 view

Input validation vulnerability in multiple Apple products

Apple iOS, macOS High Sierra, tvOS, and watchOS are products of Apple Inc. Apple iOS is a suite of operating systems for mobile devices; macOS High Sierra is a specialized operating system for Mac computers; tvOS is a smart TV operating system; and watchOS is a smart watch operating system. Messag...

5.5 CVSS | 6.2 AI score | 0.00181 EPSS
Exploits: 0 | References: 1
Broadcom
added 2017/06/23 12:00 a.m., 7 views

BSA-2017-318

Security Advisory ID: BSA-2017-318; Component: SSH1; Revision: 1.0: Interim. The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a...

7.5 CVSS | 6.9 AI score | 0.04878 EPSS
Exploits: 0
Tenable Nessus
added 2016/12/08 12:00 a.m., 2611 views

SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)

The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can...

9.8 CVSS | 6.5 AI score | 0.08251 EPSS
Exploits: 0 | References: 3
OSV
added 2006/12/07 11:28 p.m., 3 views

PYSEC-2006-6

Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."...

4.3 CVSS | 6.2 AI score | 0.00593 EPSS
Exploits: 0 | References: 5